DRUPAL-CONTRIB-2021-023

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/form_mode_manager/DRUPAL-CONTRIB-2021-023.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-023
Published
2021-07-21T16:51:57Z
Modified
2025-12-10T23:29:47.614867Z
Summary
[none]
Details

This module provides a user interface that allows the implementation and use of Form modes without custom development.

The module does not sufficiently respect access restrictions to entity forms for routes it creates to use specific form modes.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to use a specific form mode, for example use X form mode.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/form_mode_manager

Package

Name
drupal/form_mode_manager
Purl
pkg:composer/drupal/form_mode_manager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.0
Database specific
{
    "constraint": "<1.4.0"
}

Database specific

affected_versions
"<1.4.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/form_mode_manager/DRUPAL-CONTRIB-2021-023.json"