DRUPAL-CONTRIB-2024-017

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/advanced_pwa/DRUPAL-CONTRIB-2024-017.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-017

Aliases

CVE-2024-13253

Published

2024-04-24T13:16:40Z

Modified

2025-12-10T23:41:25.773688Z

Summary

[none]

Details

Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications.

This module doesn't sufficiently protect access to the settings form, allowing an unauthorized malicious user to view and modify the module settings.

References

https://www.drupal.org/sa-contrib-2024-017

Credits

- Andre Groendijk
- - https://www.drupal.org/user/3734548
- Matthew Grasmick
- - https://www.drupal.org/user/455714

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/advanced_pwa

Package

Name: drupal/advanced_pwa
Purl: pkg:composer/drupal/advanced_pwa

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.5.0

Database specific

{
    "constraint": "<1.5.0"
}

Database specific

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/advanced_pwa/DRUPAL-CONTRIB-2024-017.json"

affected_versions

"<1.5.0"