DRUPAL-CONTRIB-2021-021

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/linky_revision_ui/DRUPAL-CONTRIB-2021-021.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-021
Published
2021-06-30T16:43:19Z
Modified
2025-12-10T23:28:55.206905Z
Summary
[none]
Details

This module provides a revision UI for Linky entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided by Linky Revision UI, and another affected module must be enabled.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/linky_revision_ui

Package

Name
drupal/linky_revision_ui
Purl
pkg:composer/drupal/linky_revision_ui

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.127.2
Database specific 
{
    "constraint": "<2.127.2"
}

Database specific

affected_versions 
"<2.127.2"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/linky_revision_ui/DRUPAL-CONTRIB-2021-021.json"