DRUPAL-CONTRIB-2020-016

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/webform/DRUPAL-CONTRIB-2020-016.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2020-016
Published
2020-05-06T16:59:39Z
Modified
2025-12-10T23:33:22.425467Z
Summary
[none]
Details

This webform module enables you to build 'Term select' and 'Term checkboxes' elements.

The module doesn't sufficiently check term 'view' access when rendering the 'Term select' and 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term select' and 'Term checkboxes' elements.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/webform

Package

Name
drupal/webform
Purl
pkg:composer/drupal/webform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.11.0
Database specific 
{
    "constraint": "<5.11.0"
}

Database specific

affected_versions 
"<5.11.0"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/webform/DRUPAL-CONTRIB-2020-016.json"