- Backdrop Core 1.x.x versions prior to 1.12.4
The Views module included in Backdrop core doesn't sufficiently protect against argument definitions failing.
This vulnerability is mitigated by the fact that a view must have custom PHP code used as a field validator.
Note: Backdrop issues individual security advisories for separate vulnerabilities included in a release, rather than lumping "multiple vulnerabilities" into a single advisory. All advisories released today for Backdrop core: