---

CVE-2020-13672 - log back

CVE-2020-13672 edited at 27 Apr 2021 23:07:46
Severity	- Unknown + Critical
Remote	- Unknown + Remote
Type	- Unknown + Cross-site scripting
Description	+ Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. The issue is fixed in Drupal versions 9.1.7, 9.0.12, 8.9.14 and 7.80.
References	+ https://www.drupal.org/sa-core-2021-002 + https://github.com/drupal/drupal/commit/0d8712d87216b3dfccc511cff3cf2f753620a5ee

CVE-2020-13672 created at 27 Apr 2021 23:04:37
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes