DRUPAL-CONTRIB-2021-017

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/block_content_revision_ui/DRUPAL-CONTRIB-2021-017.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-017

Published

2021-06-16T16:15:21Z

Modified

2025-12-10T23:28:58.592617Z

Summary

[none]

Details

This module provides a revision UI to Block Content entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided by Block Content Revision UI, and another affected module must be enabled.

References

https://www.drupal.org/sa-contrib-2021-017

Credits

- Michael Strelan
- - https://www.drupal.org/user/314289

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/block_content_revision_ui

Package

Name: drupal/block_content_revision_ui
Purl: pkg:composer/drupal/block_content_revision_ui

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2.127.1

Database specific

{
    "constraint": "<2.127.1"
}

Database specific

affected_versions

"<2.127.1"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/block_content_revision_ui/DRUPAL-CONTRIB-2021-017.json"