CVE-2024-22362: 
PHP vulnerability analysis and mitigation

Drupal contains a vulnerability with improper handling of structural elements (CVE-2024-22362) that was discovered in January 2024. The vulnerability affects Drupal version 9.3.6, while version 10 series and the latest version 9.5.x of the version 9 series are not affected. This security issue was reported by Shiga Takuma of BroadBand Security Inc. to IPA (JVN Report).

The vulnerability is characterized by improper handling of structural elements (CWE-237) in the Drupal system. It has received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it is network-accessible, requires low attack complexity, needs no privileges or user interaction, and has a high impact on availability (NVD).

If successfully exploited, this vulnerability could allow an attacker to cause a denial-of-service (DoS) condition, potentially affecting the availability of the affected Drupal installation (JVN Report).

Users are advised to update to the latest version (10 series) according to the information provided by the developer. It's important to note that support for Drupal version 9 series ended (EOL) in November 2023 (JVN Report).