DRUPAL-CONTRIB-2026-037

Import Source

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-037

Aliases

Published

2026-05-13T17:19:25Z

Modified

2026-05-13T19:00:15.144188Z

Summary

[none]

Details

This module enables you to export entity date fields as iCal feeds.

The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds.

This vulnerability is not mitigated by any permission, the routes are accessible to all anonymous users with no configuration required.

References

Credits

Affected packages

Type

ECOSYSTEM

Events

Introduced

Fixed

4.0.15

Database specific

{
    "constraint": "<4.0.15"
}

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/date_ical/DRUPAL-CONTRIB-2026-037.json"

affected_versions

"<4.0.15"