GHSA-jjx7-8462-w4m4: Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution

May 15, 2024

The Contextual Links module doesn’t sufficiently validate the requested contextual links. This vulnerability is mitigated by the fact that an attacker must have a role with the permission “access contextual links”.

References

github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-5.yaml
github.com/advisories/GHSA-jjx7-8462-w4m4
github.com/drupal/drupal
www.drupal.org/sa-core-2018-006

Detect and mitigate GHSA-jjx7-8462-w4m4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →