DRUPAL-CONTRIB-2021-043

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/loft_data_grids/DRUPAL-CONTRIB-2021-043.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2021-043

Published

2021-10-13T16:32:09Z

Modified

2025-12-10T23:33:14.795978Z

Summary

[none]

Details

This module enables aklump/loft_data_grids to be used as a Drupal module.

Excel support was provided by https://packagist.org/packages/phpoffice/phpexcel, which is abandoned and there are known security vulnerabilities: [CVE-2018-19277]: PHPOffice/PhpSpreadsheet#771. Excel support has since been replaced with the newer https://github.com/PHPOffice/PhpSpreadsheet library.

This module provides an API and This vulnerability is not exploitable in the module itself. This vulnerability only exists if custom code or another module uses the API of this module to read a spreadsheet.

References

https://www.drupal.org/sa-contrib-2021-043

Credits

- Lucas Hedding
- - https://www.drupal.org/user/1463982

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/loft_data_grids

Package

Name: drupal/loft_data_grids
Purl: pkg:composer/drupal/loft_data_grids

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.4.0

Database specific

{
    "constraint": "<1.4.0"
}

Database specific

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/loft_data_grids/DRUPAL-CONTRIB-2021-043.json"

affected_versions

"<1.4.0"