Module might be vulnerable to SA-CORE-2023-005

Created on 27 June 2023, over 1 year ago

Updated 12 July 2023, over 1 year ago

Problem/Motivation

This module contains a tweaked copy of ImageStyleDownloadController (used for the image.style_encrypt route).
This version of ImageStyleDownloadController does not seem to include the fix for SA-CORE-2023-005 → .

Proposed resolution

This fix should probably be applied to the version of ImageStyleDownloadController in file_encrypt.

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇫🇷France prudloff Lille

Live updates comments and jobs are added and updated live.

Security
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Comments & Activities

Issue created by @prudloff
Assigned to shumer
Status changed to Needs work over 1 year ago10:17am 12 July 2023
Comment over 1 year ago →
🇵🇱Poland shumer Wroclaw
Comment over 1 year ago →
System Message

shumer → committed f201dfb2 on 8.x-1.x
Issue #3370418 by prudloff, shumer: Module might be vulnerable to SA-...
Status changed to Fixed over 1 year ago12:36pm 12 July 2023
Comment over 1 year ago →
🇵🇱Poland shumer Wroclaw
Comment over 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024