DRUPAL-CONTRIB-2022-062

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2022-062.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-062
Withdrawn
2026-03-18T18:00:07.507479Z
Published
2022-11-30T15:34:03Z
Modified
2026-03-18T18:00:07.507479Z
Summary
[none]
Details

Social Private Message module allows users on the platform to allow users to send private messages to each other.

The module does not properly perform the correct access checks for certain operations.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/social

Package

Name
drupal/social
Purl
pkg:composer/drupal/social

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.4.9
Database specific 
{
    "constraint": "<11.4.9"
}
Type
ECOSYSTEM
Events
Introduced
11.5.0
Fixed
11.5.1
Database specific 
{
    "constraint": ">=11.5.0 <11.5.1"
}

Database specific

affected_versions 
"<11.4.9 || >=11.5.0 <11.5.1"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2022-062.json"