Deserialization Vulnerability in Drupal Monster Menus
CVE-2024-13288

4.3MEDIUM

Key Information:

Vendor: Drupal
Status: Monster Menus
Vendor: CVE Published:; 9 January 2025

Summary

A vulnerability in the Monster Menus module for Drupal allows for object injection through the deserialization of untrusted data. This issue affects versions of Monster Menus prior to 9.3.4 and versions from 9.4.0 to 9.4.2. Exploitation of this vulnerability could lead to unauthorized actions within the application, making it essential for users to update to the recommended versions to ensure their systems are secure.

Affected Version(s)

Monster Menus 0.0.0 < 9.3.4

Monster Menus 9.4.0 < 9.4.2

References

https://www.drupal.org/sa-contrib-2024-052

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2025

Credit

Drew Webber

Dan Wilga

Greg Knaddison

Juraj Nemec

Drew Webber