Drupal Monster Menus Object Injection Vulnerability via Deserialization of Untrusted Data

Vulnerability

A deserialization vulnerability allowing object injection has been identified in the Drupal Monster Menus module. It affects versions from 0.0.0 before 9.3.4 and from 9.4.0 before 9.4.2.

Impact

Exploitation of this vulnerability allows for object injection, which could lead to various types of attacks depending on the injected object and the application's behavior.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.