DRUPAL-CONTRIB-2025-123

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/entity_share/DRUPAL-CONTRIB-2025-123.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-123
Aliases
  • CVE-2025-13985
Published
2025-12-03T18:49:40Z
Modified
2025-12-10T23:41:31.662546Z
Summary
[none]
Details

This module enables you to deploy content from one Drupal website to another.

The module provides some default configuration without sufficient access control.

This vulnerability is mitigated by the fact that an administrator can add some default access control permission.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/entity_share

Package

Name
drupal/entity_share
Purl
pkg:composer/drupal/entity_share

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.13.0
Database specific 
{
    "constraint": "<3.13.0"
}

Database specific

affected_versions

"<3.13.0"