DRUPAL-CONTRIB-2021-041

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/tb_megamenu/DRUPAL-CONTRIB-2021-041.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-041
Published
2021-09-22T17:26:20Z
Modified
2025-12-10T23:33:03.523703Z
Summary
[none]
Details

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content.

This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view.

The vulnerability is mitigated by the fact that it can only be exploited by an attacker with the "Administer TB Mega Menu" permission.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/tb_megamenu

Package

Name
drupal/tb_megamenu
Purl
pkg:composer/drupal/tb_megamenu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.0
Database specific
{
    "constraint": "<1.4.0"
}

Database specific

affected_versions
"<1.4.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/tb_megamenu/DRUPAL-CONTRIB-2021-041.json"