DRUPAL-CONTRIB-2019-068

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/permissions_by_term/DRUPAL-CONTRIB-2019-068.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2019-068

Published

2019-09-25T14:43:49Z

Modified

2025-12-10T23:32:38.259465Z

Summary

[none]

Details

This module enables you to control access to content based on taxonomy terms. The module doesn't sufficiently check if a given entity should be access controlled, defaulting to allowing access even to unpublished nodes.

The vulnerability is mitigated by the fact that the submodule Permissions by Entity must also be enabled.

References

https://www.drupal.org/sa-contrib-2019-068

Credits

- Jimmy Henderickx
- - https://www.drupal.org/user/462700

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/permissions_by_term

Package

Name: drupal/permissions_by_term
Purl: pkg:composer/drupal/permissions_by_term

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2.11.0

Database specific

{
    "constraint": "<2.11.0"
}

Database specific

affected_versions

"<2.11.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/permissions_by_term/DRUPAL-CONTRIB-2019-068.json"