GHSA-mg8j-w93w-xjgc

Source
https://github.com/advisories/GHSA-mg8j-w93w-xjgc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-mg8j-w93w-xjgc/GHSA-mg8j-w93w-xjgc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mg8j-w93w-xjgc
Aliases
  • CVE-2024-45440
Published
2024-08-29T12:31:05Z
Modified
2024-09-03T20:31:27Z
Summary
Drupal Full Path Disclosure
Details

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is set to None) if the value of hash_salt is set to the result of file_get_contents on a file that does not exist.

Affected packages

Packagist / drupal/drupal

Package

Name
drupal/drupal
Purl
pkg:composer/drupal/drupal

Affected ranges

Affected versions

11.*

11.x-dev

Packagist / drupal/core-recommended

Package

Name
drupal/core-recommended
Purl
pkg:composer/drupal/core-recommended

Affected ranges

Affected versions

11.*

11.x-dev

Packagist / drupal/core

Package

Name
drupal/core
Purl
pkg:composer/drupal/core

Affected ranges

Affected versions

11.*

11.x-dev