DRUPAL-CONTRIB-2018-008

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/entity_ref_tab_formatter/DRUPAL-CONTRIB-2018-008.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2018-008
Published
2018-02-07T18:45:12Z
Modified
2025-12-10T23:33:48.670110Z
Summary
[none]
Details

This module enables you to show referenced entities in tabs.

The module doesn't sufficiently sanitize the body fields of the referenced entities when it prints them to the tabs.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission create/edit content of the content type that is referenced.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/entity_ref_tab_formatter

Package

Name
drupal/entity_ref_tab_formatter
Purl
pkg:composer/drupal/entity_ref_tab_formatter

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0
Database specific
{
    "constraint": "<1.3.0"
}

Database specific

affected_versions
"<1.3.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/entity_ref_tab_formatter/DRUPAL-CONTRIB-2018-008.json"