DRUPAL-CONTRIB-2024-004

See a problem?

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2024-004.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-004

Aliases

CVE-2024-13240

Withdrawn

2026-03-18T18:00:07.404950Z

Published

2024-01-24T15:45:49Z

Modified

2026-03-18T18:00:07.404950Z

Summary

[none]

Details

Content within Open Social can have different visibilities. It is possible for a user to create public content even when this should not be allowed.
This vulnerability is mitigated by the fact that the site must have public visibility disabled on a global level.

References

https://www.drupal.org/sa-contrib-2024-004

Credits

- Corn696
- - https://www.drupal.org/user/3544002

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/social

Package

Name: drupal/social
Purl: pkg:composer/drupal/social

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

12.0.5

Database specific

{
    "constraint": "<12.0.5"
}

Database specific

affected_versions

"<12.0.5"

patched

true

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2024-004.json"