DRUPAL-CONTRIB-2023-010

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/media_responsive_thumbnail/DRUPAL-CONTRIB-2023-010.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2023-010

Published

2023-03-15T17:22:57Z

Modified

2025-12-10T23:33:16.573835Z

Summary

[none]

Details

The Media Responsive Thumbnail module allows media reference fields to be rendered as a responsive image.

This module does not properly check entity access prior to rendering media. This may result in users seeing thumbnails of media items they do not have access to.

This release was coordinated with SA-CORE-2023-002.

References

https://www.drupal.org/sa-contrib-2023-010

Credits

- Dan Flanagan
- - https://www.drupal.org/user/3615359

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/media_responsive_thumbnail

Package

Name: drupal/media_responsive_thumbnail
Purl: pkg:composer/drupal/media_responsive_thumbnail

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.5.0

Database specific

{
    "constraint": "<1.5.0"
}

Database specific

affected_versions

"<1.5.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/media_responsive_thumbnail/DRUPAL-CONTRIB-2023-010.json"