DRUPAL-CONTRIB-2022-044

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/entity_browser_block/DRUPAL-CONTRIB-2022-044.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-044
Published
2022-05-25T16:53:45Z
Modified
2025-12-10T23:32:21.242972Z
Summary
[none]
Details

Entity Browser Block provides a Block Plugin for every Entity Browser on your site.

The module didn't sufficiently check entity view access in the block form.

This vulnerability is mitigated by the fact that an attacker must be able to place a block - either through the core "Block Layout" page or via a module like Layout Builder.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/entity_browser_block

Package

Name
drupal/entity_browser_block
Purl
pkg:composer/drupal/entity_browser_block

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.0
Database specific
{
    "constraint": "<1.2.0"
}

Database specific

affected_versions
"<1.2.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/entity_browser_block/DRUPAL-CONTRIB-2022-044.json"