DRUPAL-CONTRIB-2022-040

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/wingsuit_companion/DRUPAL-CONTRIB-2022-040.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-040
Published
2022-05-18T17:13:43Z
Modified
2025-12-10T23:32:31.603488Z
Summary
[none]
Details

The Wingsuit module enables site builders to build UI Patterns (and|or) Twig Components with Storybook and use them without any mapping code in Drupal.

The module doesn't have an access check for the admin form allowing an attacker to view and modify the Wingsuit configuration.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/wingsuit_companion

Package

Name
drupal/wingsuit_companion
Purl
pkg:composer/drupal/wingsuit_companion

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.0
Database specific
{
    "constraint": "<1.1.0"
}

Database specific

affected_versions
"<1.1.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/wingsuit_companion/DRUPAL-CONTRIB-2022-040.json"