DRUPAL-CONTRIB-2023-003

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/media_library_block/DRUPAL-CONTRIB-2023-003.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2023-003
Published
2023-01-18T17:36:56Z
Modified
2025-12-10T23:31:31.947229Z
Summary
[none]
Details

The Media Library Block module allows you to render a media entity in a block.

The module does not properly check media access in some circumstances. This may result in unauthorized users (including anonymous users) seeing media items they are not authorized to access if a block containing a restricted media item is placed on the page.

Administrators may mitigate this vulnerability by removing blocks referencing media items that have access restrictions.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/media_library_block

Package

Name
drupal/media_library_block
Purl
pkg:composer/drupal/media_library_block

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.4
Database specific 
{
    "constraint": "<1.0.4"
}

Database specific

affected_versions 
"<1.0.4"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/media_library_block/DRUPAL-CONTRIB-2023-003.json"