GHSA-7cwc-fjqm-8vh8
GitHub Security Advisory
Drupal core Access bypass
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Drupal's uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation. As a result, a user may be able to register with the same email address as another user. This may lead to data integrity issues. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
Affected Packages
Packagist drupal/core, affected versions: 8.0.0 (fixed in 10.2.11)
Packagist drupal/core, affected versions: 10.3.0 (fixed in 10.3.9)
Packagist drupal/core, affected versions: 11.0.0 (fixed in 11.0.8)
Packagist drupal/core-recommended, affected versions: 8.0.0 (fixed in 10.2.11)
Packagist drupal/core-recommended, affected versions: 10.3.0 (fixed in 10.3.9)
Packagist drupal/core-recommended, affected versions: 11.0.0 (fixed in 11.0.8)
Packagist drupal/drupal, affected versions: 8.0.0 (fixed in 10.2.11)
Packagist drupal/drupal, affected versions: 10.3.0 (fixed in 10.3.9)
Packagist drupal/drupal, affected versions: 11.0.0 (fixed in 11.0.8)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: June 18, 2025 6:25 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.