Back to Codebase

Vulnerability Analysis Report

Drupal Core v10.6.6

Scan ID: SCAN-DRUPAL-CORE-CIoyjo • Hash: 06a81a4f

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.981s

Vulnerability Details

L107

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:107
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($yi < $n_to || $this->xchanged[$xi]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L224

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:224
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($y < $this->seq[$k]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L233

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:233
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($k > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L273

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:273
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($ypos != $this->seq[$end]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L108

Dynamic Code Execution in DiffEngine.php

CWE-94
File Location: core/lib/Drupal/Component/Diff/Engine/DiffEngine.php:108
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this::USE_ASSERTS && assert($xi < $n_from || $this->ychanged[$yi]);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.