Drupal Core: Behind the Vulnerability
As you may recall, back in June, Checkmarx disclosed multiple cross-site scripting (XSS) vulnerabilities impacting Drupal Core, listed as CVE-2020-13663, followed by a more technical breakdown of the findings in late November. Today, we’re releasing details surrounding additional, new vulnerabilities (CVE-2020-13669) uncovered in Drupal Core as part of our continued ...
Drupal Core: Behind the Vulnerability
Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several interesting issues whose technical details are worth discussing openly. This article covers the technical facets of CVE-2020-13663 that ...
Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)
Executive Summary: Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes many things in many ways, and whose usage world-wide has grown significantly after its adoption by the Apache ...

