DRUPAL-CONTRIB-2021-016

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/linky_revision_ui/DRUPAL-CONTRIB-2021-016.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-016

Published

2021-06-16T16:05:14Z

Modified

2025-12-10T23:28:56.594734Z

Summary

[none]

Details

This module provides a revision UI to Linky entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided by Linky Revision UI, and another affected module must be enabled.

References

https://www.drupal.org/sa-contrib-2021-016

Credits

- Michael Strelan
- - https://www.drupal.org/user/314289

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/linky_revision_ui

Package

Name: drupal/linky_revision_ui
Purl: pkg:composer/drupal/linky_revision_ui

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2.127.1

Database specific

{
    "constraint": "<2.127.1"
}

Database specific

affected_versions

"<2.127.1"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/linky_revision_ui/DRUPAL-CONTRIB-2021-016.json"