DRUPAL-CONTRIB-2018-071

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/decoupled_router/DRUPAL-CONTRIB-2018-071.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2018-071

Published

2018-10-31T14:59:17Z

Modified

2025-12-10T23:33:16.507026Z

Summary

[none]

Details

This module enables you to resolve the provided Drupal path in order to find the canonical path and information about the resolved entity. This information includes entity type ID, entity ID, entity UUID and entity label.

The module doesn't sufficiently check access before displaying entity labels. This leads to the display of labels on entities that are not be accessible, for example; titles of unpublished content.

References

https://www.drupal.org/sa-contrib-2018-071

Credits

- Rainer Friederich
- - https://www.drupal.org/user/3066367

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/decoupled_router

Package

Name: drupal/decoupled_router
Purl: pkg:composer/drupal/decoupled_router

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.2.0

Database specific

{
    "constraint": "<1.2.0"
}

Database specific

affected_versions

"<1.2.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/decoupled_router/DRUPAL-CONTRIB-2018-071.json"