Description
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Remediation
References
Related Vulnerabilities
WordPress Plugin School Management System-WPSchoolPress Multiple Vulnerabilities (2.1.9)
Drupal Other Vulnerability (CVE-2016-3164)
WordPress Plugin Mail On Update Cross-Site Request Forgery (5.1.0)
phpMyFAQ Authentication Bypass by Capture-replay Vulnerability (CVE-2023-1886)
WordPress Plugin wpShopGermany Free Arbitrary File Upload (4.0.10)