DRUPAL-CONTRIB-2022-023

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/fancy_file_delete/DRUPAL-CONTRIB-2022-023.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-023
Published
2022-02-09T15:17:56Z
Modified
2025-12-10T23:33:48.666179Z
Summary
[none]
Details

This module enables you to manage and delete files.

The module doesn't sufficiently protect unmanaged files from view under the scenario unauthenticated user knows path to visit the view and can attempt to delete files which results in duplicate files being created.

To mitigate this issue without deploying code, review all views that are based on Fancy File Delete and ensure they have an access control set to use the permission "administer unmanaged files entities".

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/fancy_file_delete

Package

Name
drupal/fancy_file_delete
Purl
pkg:composer/drupal/fancy_file_delete

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.7
Database specific
{
    "constraint": "<2.0.7"
}

Database specific

affected_versions
"<2.0.7"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/fancy_file_delete/DRUPAL-CONTRIB-2022-023.json"