DRUPAL-CONTRIB-2020-017

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/webform/DRUPAL-CONTRIB-2020-017.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2020-017

Published

2020-05-06T17:02:39Z

Modified

2025-12-10T23:33:23.075941Z

Summary

[none]

Details

This module enables you to build forms and surveys in Drupal.

The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which implement webform_node, node, or entity access checks may not achieve the intended access results for Webform Node content.

There is no known exploit of this vulnerability and the vulnerability only exists on sites with custom code and a node access module in use.

References

https://www.drupal.org/sa-contrib-2020-017

Credits

- Dan Chadwick
- - https://www.drupal.org/user/504278

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/webform

Package

Name: drupal/webform
Purl: pkg:composer/drupal/webform

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

5.11.0

Database specific

{
    "constraint": "<5.11.0"
}

Database specific

affected_versions

"<5.11.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/webform/DRUPAL-CONTRIB-2020-017.json"