Vulnerability from drupal
Published: 2022-10-12 19:41
Modified: 2023-08-10 19:30
Summary
Details
This module enables themers to get partial data from field render arrays. It gives them more control over the output without drilling deep into the render array or using preprocess functions.
The module doesn't sufficiently apply access restrictions when using the filters field_label, field_value, field_raw and field_target_entity.
This vulnerability is mitigated by the fact that these filters must be used in combination with either unpublished content or access control modules.
Credits
Erik Stielstra (www.drupal.org/user/73854)
```json
{
  "affected": [
    {
      "database_specific": {
        "affected_versions": "\u003c2.0.1"
      },
      "package": {
        "ecosystem": "Packagist:https://packages.drupal.org/8",
        "name": "drupal/twig_field_value"
      },
      "ranges": [
        {
          "database_specific": {
            "constraint": "\u003c2.0.1"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": []
    }
  ],
  "aliases": [],
  "credits": [
    {
      "contact": [
        "https://www.drupal.org/user/73854"
      ],
      "name": "Erik Stielstra"
    }
  ],
  "details": "This module enables themers to get partial data from field render arrays. It gives them more control over the output without drilling deep into the render array or using preprocess functions.\n\nThe module doesn\u0027t sufficiently apply access restrictions when using the filters field\\_label, field\\_value, field\\_raw and field\\_target\\_entity.\n\nThis vulnerability is mitigated by the fact that these filters must be used in combination with either unpublished content or access control modules.",
  "id": "DRUPAL-CONTRIB-2022-058",
  "modified": "2023-08-10T19:30:04.000Z",
  "published": "2022-10-12T19:41:07.000Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2022-058"
    }
  ],
  "schema_version": "1.7.0"
}
```
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.