DRUPAL-CONTRIB-2021-042

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/linkit/DRUPAL-CONTRIB-2021-042.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-042
Published
2021-09-29T14:38:35Z
Modified
2025-12-10T23:33:27.270792Z
Summary
[none]
Details

Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field.

It does not sufficiently sanitize user input.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit an entity bundle.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/linkit

Package

Name
drupal/linkit
Purl
pkg:composer/drupal/linkit

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0
Database specific
{
    "constraint": "<4.4.0"
}

Database specific

affected_versions
"<4.4.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/linkit/DRUPAL-CONTRIB-2021-042.json"