DRUPAL-CONTRIB-2019-092

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/smart_trim/DRUPAL-CONTRIB-2019-092.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2019-092

Published

2019-12-11T18:20:59Z

Modified

2025-12-10T23:33:28.376298Z

Summary

[none]

Details

The Smart Trim module allows site builders additional control with text summary fields.

The module doesn't sufficiently filter text when certain options are selected.

This vulnerability is mitigated by the fact that an attacker must have a role with the ability to create content on the site when certain options are selected for the trimmed output.

References

https://www.drupal.org/sa-contrib-2019-092

Credits

- Adam Shepherd
- - https://www.drupal.org/user/2650563
- Anne
- - https://www.drupal.org/u/ckaotik

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/smart_trim

Package

Name: drupal/smart_trim
Purl: pkg:composer/drupal/smart_trim

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.2.0

Database specific

{
    "constraint": "<1.2.0"
}

Database specific

affected_versions

"<1.2.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/smart_trim/DRUPAL-CONTRIB-2019-092.json"