DRUPAL-CONTRIB-2018-073

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/paragraphs/DRUPAL-CONTRIB-2018-073.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2018-073

Published

2018-10-31T17:53:57Z

Modified

2025-12-10T23:33:43.090684Z

Summary

[none]

Details

The Paragraphs module allows Drupal Site Builders to make content organization cleaner so that you can give more editing power to end-users.

The module doesn't sufficiently check access to create new paragraph entities which can cause access bypass issues when used in combination with other contributed modules.

References

https://www.drupal.org/sa-contrib-2018-073

Credits

- Sam Becker
- - https://www.drupal.org/user/1485048

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/paragraphs

Package

Name: drupal/paragraphs
Purl: pkg:composer/drupal/paragraphs

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.5.0

Database specific

{
    "constraint": "<1.5.0"
}

Database specific

affected_versions

"<1.5.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/paragraphs/DRUPAL-CONTRIB-2018-073.json"