GHSA-gf72-h4cp-wcm4

Source
https://github.com/advisories/GHSA-gf72-h4cp-wcm4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-gf72-h4cp-wcm4/GHSA-gf72-h4cp-wcm4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gf72-h4cp-wcm4
Aliases
  • CVE-2025-31685
Published
2025-04-01T00:30:34Z
Modified
2025-04-02T15:42:08.656090Z
Severity
  • 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Summary
Drupal Open Social Missing Authorization vulnerability
Details

Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.

Database specific
{
    "nvd_published_at": "2025-03-31T22:15:21Z",
    "cwe_ids": [
        "CWE-862"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-02T15:11:50Z"
}
Affected packages

Packagist / goalgorilla/open_social

Package

Name
goalgorilla/open_social
Purl
pkg:composer/goalgorilla/open_social

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
12.3.11


Packagist / goalgorilla/open_social

Package

Name
goalgorilla/open_social
Purl
pkg:composer/goalgorilla/open_social

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12.4.0
Fixed
12.4.10
