DRUPAL-CONTRIB-2023-005

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/apigee_edge/DRUPAL-CONTRIB-2023-005.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2023-005
Published
2023-02-01T16:13:42Z
Modified
2025-12-10T23:33:45.174508Z
Summary
[none]
Details

The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal.

Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/apigee_edge

Package

Name
drupal/apigee_edge
Purl
pkg:composer/drupal/apigee_edge

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.27.0
Database specific
{
    "constraint": "<1.27.0"
}
Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.8
Database specific
{
    "constraint": ">=2.0.0 <2.0.8"
}

Database specific

affected_versions
"<1.27.0 || >=2.0.0 <2.0.8"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/apigee_edge/DRUPAL-CONTRIB-2023-005.json"