DRUPAL-CORE-2019-008

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/core/DRUPAL-CORE-2019-008.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CORE-2019-008
Aliases
Published
2019-07-17T16:05:11Z
Modified
2025-12-10T23:41:17.020713Z
Summary
[none]
Details

In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created.

This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are not affected.

References
Credits

Affected packages

Packagist / drupal/core

Package

Name
drupal/core
Purl
pkg:composer/drupal/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.7.4
Fixed
8.7.5
Database specific 
{
    "constraint": ">=8.7.4 <8.7.5"
}

Affected versions

8.*

8.7.4

Database specific

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/core/DRUPAL-CORE-2019-008.json"

affected_versions

">=8.7.4 <8.7.5"