DRUPAL-CONTRIB-2025-065

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/quick_node_block/DRUPAL-CONTRIB-2025-065.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-065

Aliases

CVE-2025-48013
GHSA-r6xj-43cf-9f88

Published

2025-05-21T17:28:31Z

Modified

2025-12-10T23:41:04.550014Z

Summary

[none]

Details

This module provides a block to easily display a rendered node.

Access to the rendered node isn't validated before rendering the block. Allowing access to node content for users that would normally not be allowed to access the node.

References

https://www.drupal.org/sa-contrib-2025-065

Credits

- Mitch Portier (arkener)
- - https://www.drupal.org/u/arkener

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/quick_node_block

Package

Name: drupal/quick_node_block
Purl: pkg:composer/drupal/quick_node_block

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2.0.1

Database specific

{
    "constraint": "<2.0.1"
}

Database specific

affected_versions

"<2.0.1"

patched

true

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/quick_node_block/DRUPAL-CONTRIB-2025-065.json"