DRUPAL-CONTRIB-2024-052

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/monster_menus/DRUPAL-CONTRIB-2024-052.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-052

Aliases

CVE-2024-13288

Published

2024-10-23T15:45:47Z

Modified

2025-12-10T23:41:29.414522Z

Summary

[none]

Details

This module enables you to group nodes within pages that have a highly-granular, distributed permissions structure.

In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's unserialize() function, which can result in arbitrary code execution.

References

https://www.drupal.org/sa-contrib-2024-052

Credits

- Drew Webber
- - https://www.drupal.org/user/255969

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/monster_menus

Package

Name: drupal/monster_menus
Purl: pkg:composer/drupal/monster_menus

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

9.3.4

Database specific

{
    "constraint": "<9.3.4"
}

Type

ECOSYSTEM

Events

Introduced

9.4.0

Fixed

9.4.2

Database specific

{
    "constraint": ">=9.4.0 <9.4.2"
}

Database specific

affected_versions

"<9.3.4 || >=9.4.0 <9.4.2"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/monster_menus/DRUPAL-CONTRIB-2024-052.json"