DRUPAL-CONTRIB-2022-042

See a problem?

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/embed/DRUPAL-CONTRIB-2022-042.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-042

Published

2022-05-25T16:45:17Z

Modified

2025-12-10T23:33:27.572005Z

Summary

[none]

Details

The Drupal Embed module provides a filter to allow embedding various embeddable items like entities in content fields.

In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed items. In some cases, this could lead to Cross-Site Request Forgery.

References

https://www.drupal.org/sa-contrib-2022-042

Credits

- Aaron Zinck
- - https://www.drupal.org/user/518662

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/embed

Package

Name: drupal/embed
Purl: pkg:composer/drupal/embed

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.5.0

Database specific

{
    "constraint": "<1.5.0"
}

Database specific

affected_versions

"<1.5.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/embed/DRUPAL-CONTRIB-2022-042.json"