Relation - Moderately Critical - Access Bypass

* Advisory ID: DRUPAL-SA-CONTRIB-2017-063
* Project: Relation (third-party module)
* Version: 7.x
* Date: 2017-August-09
* Security risk: 14/25 ( Moderately Critical)
* Vulnerability: Access bypass


This module enables you to store relationships between entities as fieldable

The module doesn't sufficiently check permissions when displaying related
entities labels with the Relation Dummy Field module widget.

This vulnerability is mitigated by the fact that the optional Relation Dummy
Field module must be enabled and any entity must be configured to display
related entities with the widget provided by the module.


* Relation 7.x-1.x versions prior to 7.x-1.1.

Drupal core is not affected. If you do not use the contributed Relation module, there is nothing you need to do.


Install the latest version:

* If you use the Relation module for Drupal 7.x, upgrade to Relation 7.x-1.1

Also see the Relation project page:

Add new comment