PSA: Potential multiple vulnerabilities with mod_mime_magic

Open on Drupal.org →

Created on 20 October 2023, 8 months ago

Background information

security.drupal.org private issues:

(included for reference. Please do not report access denied as an error.)

Originally reported by @dww

Problem/Motivation

There are possible multiple vulnerabilities involving mod_mime_magic and certain web server settings.

Steps to reproduce

After some discussions, the security team came to the conclusion that publishing the PSA is sufficient to address the issues. The link to the draft PSA is found in https://security.drupal.org/node/169010

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Contributors

dww
alexpott
mlhess
David_Rothstein
samuel.mortenson
xjm
effulgentsia
drumm
pwolanin
catch
larowlan
Wim Leers

🐛 Bug report

Status

Active

Version

10.2 ✨

Component

Other →

Last updated about 4 hours ago

Created by

🇳🇱Netherlands dokumori Utrecht

Live updates comments and jobs are added and updated live.

Security
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Comments & Activities

Issue created by @dokumori
Comment 8 months ago →
🇳🇱Netherlands dokumori Utrecht

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024