DRUPAL-CONTRIB-2020-035

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/examples/DRUPAL-CONTRIB-2020-035.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2020-035

Published

2020-11-18T17:15:24Z

Modified

2025-12-10T23:33:03.696761Z

Summary

[none]

Details

The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities.

Therefore, File Example so is being removed from Examples until a version demonstrating file security best practices can added back in the future.

References

https://www.drupal.org/sa-contrib-2020-035

Credits

- Alex Pott
- - https://www.drupal.org/user/157725

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/examples

Package

Name: drupal/examples
Purl: pkg:composer/drupal/examples

Affected ranges

Type

ECOSYSTEM

Events

Introduced

1.0.0

Last affected

1.0.0

Database specific

{
    "constraint": "1.0.0"
}

Type

ECOSYSTEM

Events

Introduced

3.0.0

Last affected

3.0.0

Database specific

{
    "constraint": "3.0.0"
}

Type

ECOSYSTEM

Events

Introduced

3.0.1

Last affected

3.0.1

Database specific

{
    "constraint": "3.0.1"
}

Database specific

affected_versions

"1.0.0 || 3.0.0 || 3.0.1"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/examples/DRUPAL-CONTRIB-2020-035.json"