4 matches found
Block Content Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-022
This module provides a revision UI for Block Content entities. The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules. This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions...
DRUPAL-CONTRIB-2018-021
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't provide CSRF protection when processing authenticated traffic using cookie-based authentication. This vulnerability is mitigated by the fact that an...
DRUPAL-CONTRIB-2018-017
This module enables you to retrieve image metadata and use it in fields or the title. The module doesn't sufficiently restrict access to module settings pages, thereby causing an access bypass vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to create...
Exif - Critical - Access bypass - SA-CONTRIB-2018-017
This module enables you to retrieve image metadata and use it in fields or the title. The module doesn't sufficiently restrict access to module settings pages, thereby causing an access bypass vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to create...