DRUPAL-CONTRIB-2024-076

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2024-076.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-076
Aliases
  • CVE-2024-13312
Withdrawn
2026-03-18T18:00:07.425651Z
Published
2024-12-11T16:53:22Z
Modified
2026-03-18T18:00:07.425651Z
Summary
[none]
Details

Open Social is a Drupal distribution for online communities. It ships with a default (optional) module, social_file_private, which ensures that the images and files provided by the distribution are stored in the private filesystem instead of the public one.

For installations of Open Social prior to version 11.8.0, after updating to 11.8.0 or higher, newly uploaded files were no longer stored in the private file system as intended. Instead, they were stored in the public file system.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/social

Package

Name
drupal/social
Purl
pkg:composer/drupal/social

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.8.0
Fixed
12.3.10
Database specific
{
    "constraint": ">=11.8.0 <12.3.10"
}
Type
ECOSYSTEM
Events
Introduced
12.4.0
Fixed
12.4.9
Database specific
{
    "constraint": ">=12.4.0  <12.4.9"
}

Database specific

affected_versions
">=11.8.0 <12.3.10 || >=12.4.0  <12.4.9"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2024-076.json"