DRUPAL-CONTRIB-2024-030

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/responsive_menu/DRUPAL-CONTRIB-2024-030.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-030
Aliases
  • CVE-2024-13266
Published
2024-08-21T16:23:02Z
Modified
2025-12-10T23:41:33.278366Z
Summary
[none]
Details

This module integrates the mmenu library with Drupal's menu system with the aim of having an off-canvas mobile menu and a horizontal menu at wider widths.

The module doesn't respect custom node access restrictions implemented through hook_ENTITY_TYPE_access hooks meaning the titles of restricted nodes can appear in the menu.

Only sites with modules that implement hook_ENTITY_TYPE_access to restrict access to nodes are effected.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/responsive_menu

Package

Name
drupal/responsive_menu
Purl
pkg:composer/drupal/responsive_menu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.4.4
Database specific 
{
    "constraint": "<4.4.4"
}

Database specific

affected_versions 
"<4.4.4"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/responsive_menu/DRUPAL-CONTRIB-2024-030.json"