DRUPAL-CONTRIB-2018-017

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/exif/DRUPAL-CONTRIB-2018-017.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2018-017
Published
2018-03-21T17:05:41Z
Modified
2025-12-10T23:29:29.001960Z
Summary
[none]
Details

This module enables you to retrieve image metadata and use them in fields or title.

The module doesn't sufficiently restrict access to module setting pages thereby causing an access bypass vulnerability.

This vulnerability is mitigated by the fact that an attacker must have permission to create entities of certain content entity types.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/exif

Package

Name
drupal/exif
Purl
pkg:composer/drupal/exif

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.0
Database specific 
{
    "constraint": "<1.1.0"
}

Database specific

affected_versions 
"<1.1.0"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/exif/DRUPAL-CONTRIB-2018-017.json"