CVE-2013-4446
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors related to Ajax operations, possibly involving eval injection.
| Software | From | Fixed in |
|---|---|---|
| steven_jones / context | 6.x-2.0-beta7 | 6.x-2.0-beta7.x |
| steven_jones / context | 6.x-2.0-beta2 | 6.x-2.0-beta2.x |
| steven_jones / context | 6.x-2.0-beta4 | 6.x-2.0-beta4.x |
| steven_jones / context | 6.x-2.0-rc3 | 6.x-2.0-rc3.x |
| steven_jones / context | 6.x-2.0-beta6 | 6.x-2.0-beta6.x |
| steven_jones / context | 6.x-2.0-beta1 | 6.x-2.0-beta1.x |
| steven_jones / context | 6.x-2.0-rc1 | 6.x-2.0-rc1.x |
| steven_jones / context | 6.x-2.0-beta3 | 6.x-2.0-beta3.x |
| steven_jones / context | 6.x-2.0-alpha2 | 6.x-2.0-alpha2.x |
| steven_jones / context | 6.x-2.0-rc2 | 6.x-2.0-rc2.x |
| steven_jones / context | 6.x-2.0-alpha1 | 6.x-2.0-alpha1.x |
| steven_jones / context | 6.x-2.0-beta5 | 6.x-2.0-beta5.x |
| steven_jones / context | 6.x-3.0-rc1 | 6.x-3.0-rc1.x |
| steven_jones / context | 6.x-3.0-beta2 | 6.x-3.0-beta2.x |
| steven_jones / context | 6.x-3.0-beta4 | 6.x-3.0-beta4.x |
| steven_jones / context | 6.x-3.0-beta8 | 6.x-3.0-beta8.x |
| steven_jones / context | 6.x-3.0 | 6.x-3.0.x |
| steven_jones / context | 6.x-3.0-beta6 | 6.x-3.0-beta6.x |
| steven_jones / context | 6.x-3.0-alpha1 | 6.x-3.0-alpha1.x |
| steven_jones / context | 6.x-3.0-alpha2 | 6.x-3.0-alpha2.x |
| steven_jones / context | 6.x-3.0-beta1 | 6.x-3.0-beta1.x |
| steven_jones / context | 6.x-3.0-beta7 | 6.x-3.0-beta7.x |
| steven_jones / context | 6.x-3.0-beta5 | 6.x-3.0-beta5.x |
| steven_jones / context | 6.x-3.0-beta3 | 6.x-3.0-beta3.x |
| steven_jones / context | 6.x-3.0-rc2 | 6.x-3.0-rc2.x |
| steven_jones / context | 6.x-3.1 | 6.x-3.1.x |
| steven_jones / context | 6.x-3.x-dev | 6.x-3.x-dev.x |
| steven_jones / context | 7.x-3.0-beta2 | 7.x-3.0-beta2.x |
| steven_jones / context | 7.x-3.0-beta5 | 7.x-3.0-beta5.x |
| steven_jones / context | 7.x-3.0-alpha1 | 7.x-3.0-alpha1.x |
| steven_jones / context | 7.x-3.0-beta4 | 7.x-3.0-beta4.x |
| steven_jones / context | 7.x-3.0-beta6 | 7.x-3.0-beta6.x |
| steven_jones / context | 7.x-3.0-alpha3 | 7.x-3.0-alpha3.x |
| steven_jones / context | 7.x-3.0-beta3 | 7.x-3.0-beta3.x |
| steven_jones / context | 7.x-3.0-alpha2 | 7.x-3.0-alpha2.x |
| steven_jones / context | 7.x-3.0-beta7 | 7.x-3.0-beta7.x |
| steven_jones / context | 7.x-3.0-beta1 | 7.x-3.0-beta1.x |
| steven_jones / context | 7.x-3.x-dev | 7.x-3.x-dev.x |
- http://drupalcode.org/project/context.git/commitdiff/63ef4d9
- http://drupalcode.org/project/context.git/commitdiff/d7b4afa
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121433.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122298.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122308.html
- https://drupal.org/node/2112785
- https://drupal.org/node/2112791
- https://drupal.org/node/2113317
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime