DRUPAL-CONTRIB-2021-010

See a problem?

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2021-010.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-010

Withdrawn

2026-03-18T18:00:07.457223Z

Published

2021-06-02T16:49:49Z

Modified

2026-03-18T18:00:07.457223Z

Summary

[none]

Details

This Open Social distribution provides a turn-key system for building customized social networks.

The module doesn't sufficiently process data in certain circumstances.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access mentions".

References

https://www.drupal.org/sa-contrib-2021-010

Credits

- mindaugasd
- - https://www.drupal.org/user/330097

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/social

Package

Name: drupal/social
Purl: pkg:composer/drupal/social

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

9.17.0

Database specific

{
    "constraint": "<9.17.0"
}

Type

ECOSYSTEM

Events

Introduced

10.0.0

Fixed

10.0.13

Database specific

{
    "constraint": ">=10.0.0 <10.0.13"
}

Type

ECOSYSTEM

Events

Introduced

10.1.0

Fixed

10.1.6

Database specific

{
    "constraint": ">=10.1.0 <10.1.6"
}

Database specific

affected_versions

"<9.17.0 || >=10.0.0 <10.0.13 || >=10.1.0 <10.1.6"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2021-010.json"