DRUPAL-CONTRIB-2021-008

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/facets/DRUPAL-CONTRIB-2021-008.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-008
Published
2021-05-12T16:14:35Z
Modified
2025-12-10T23:33:32.579301Z
Summary
[none]
Details

This module enables you to add customizable facets on search pages, from core search or searches provided by Search API.

The module doesn't sufficiently filter all output in certain circumstances.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer facets".

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/facets

Package

Name
drupal/facets
Purl
pkg:composer/drupal/facets

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.0
Database specific 
{
    "constraint": "<1.8.0"
}

Database specific

affected_versions 
"<1.8.0"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/facets/DRUPAL-CONTRIB-2021-008.json"