GHSA-7v68-3pr5-h3cr: Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution

May 15, 2024

The Contextual Links module doesn’t sufficiently validate the requested contextual links. This vulnerability is mitigated by the fact that an attacker must have a role with the permission “access contextual links”.

References

github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-5.yaml
github.com/advisories/GHSA-7v68-3pr5-h3cr
github.com/drupal/core
www.drupal.org/sa-core-2018-006

Code Behaviors & Features

Detect and mitigate GHSA-7v68-3pr5-h3cr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →