DRUPAL-CONTRIB-2019-004

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/preview_link/DRUPAL-CONTRIB-2019-004.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2019-004

Published

2019-01-23T17:01:58Z

Modified

2025-12-10T23:32:49.228725Z

Summary

[none]

Details

The Preview Link module enables you to generate preview links so anonymous users can access unpublished revisions of content.
The last release of the module introduced an access bypass allowing users to present invalid tokens but still access unpublished content.

References

https://www.drupal.org/sa-contrib-2019-004

Credits

- Daniel
- - https://www.drupal.org/user/81431

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/preview_link

Package

Name: drupal/preview_link
Purl: pkg:composer/drupal/preview_link

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.1.0

Database specific

{
    "constraint": "<1.1.0"
}

Database specific

affected_versions

"<1.1.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/preview_link/DRUPAL-CONTRIB-2019-004.json"