Paragraphs - Moderately critical - Access Bypass - SA-CONTRIB-2018-073

Project: Paragraphs
Version: 8.x-1.4
Date: 2018-October-31
Security risk: *Moderately critical* 10∕25
Vulnerability: Access Bypass

Description

 
The Paragraphs module allows Drupal Site Builders to make content
organization cleaner so that you can give more editing power to end-users.

The module doesn't sufficiently check access to create new paragraph entities
which can cause access bypass issues when used in combination with other
contributed modules.

Solution

 
Install the latest version:

* If you use the Paragraphs module for Drupal 8.x, upgrade to Paragraphs 8.x-1.5

Also see the Paragraphs project page.

Add new comment