DRUPAL-CONTRIB-2020-018

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/webform/DRUPAL-CONTRIB-2020-018.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2020-018

Published

2020-05-13T16:22:47Z

Modified

2025-12-10T23:33:23.496774Z

Summary

[none]

Details

This webform module enables you to build a 'Term checkboxes' element.

The module doesn't sufficiently check term 'view' access when rendering 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term checkboxes' element.

References

https://www.drupal.org/sa-contrib-2020-018

Credits

- Joseph Zhao
- - https://www.drupal.org/user/1987218

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/webform

Package

Name: drupal/webform
Purl: pkg:composer/drupal/webform

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

5.12.0

Database specific

{
    "constraint": "<5.12.0"
}

Database specific

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/webform/DRUPAL-CONTRIB-2020-018.json"

affected_versions

"<5.12.0"