CVE advisoryKnown Exploit
CVE-2019-6340
Drupal Core: Code Execution Risk via Web Services.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Drupal core versions may allow arbitrary code execution if specific web services modules are enabled and non-form data is processed, posing a business risk. Affected organizations should identify and secure these installations.