Deserialization of Untrusted Data Vulnerability in Drupal Node Export
CVE-2024-13295

Currently unrated

Key Information:

Vendor: Drupal
Vendor: CVE Published:; 9 January 2025

Summary

A vulnerability in the Node export module of Drupal allows for deserialization of untrusted data, potentially leading to object injection attacks. This affects versions prior to 7.X-3.3, making it critical for users to update and secure their installations to prevent unauthorized access and manipulation of data.

References

https://www.drupal.org/sa-contrib-2024-061

Timeline

Vulnerability published
Jan 9, 2025