The security patch modifies the access() method in social_language's Access class to properly retrieve permissions from route requirements. The original vulnerable code path returned AccessResult::allowed() when no permission was explicitly provided, creating an authorization bypass. This function would appear in stack traces when unauthorized users attempted to access protected translation interfaces through forceful browsing. The function signature matches Drupal's access control system patterns and is directly referenced in the security advisory as the location of the authorization check improvement.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| goalgorilla/open_social | composer | < 12.3.11 | 12.3.11 |
| goalgorilla/open_social | composer | >= 12.4.0, < 12.4.10 | 12.4.10 |
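
The fail-open check described in the patch analysis above, next to a fail-closed version, as an added PHP illustration that is not Open Social's code or the actual patch. The `Route` and `Account` classes are minimal stand-ins so the script runs without Drupal; the function names, the `_permission` requirement key and the sample permission string are assumptions.

```php
<?php
// Added illustration. Stand-in classes replace Drupal's route and account
// objects; all names below are hypothetical, not taken from social_language.

final class Route {
  public function __construct(private array $requirements = []) {}
  public function getRequirement(string $key): ?string {
    return $this->requirements[$key] ?? null;
  }
}

final class Account {
  public function __construct(private array $permissions = []) {}
  public function hasPermission(string $permission): bool {
    return in_array($permission, $this->permissions, true);
  }
}

// Fail-open pattern: when the caller passes no permission, the check grants
// access and never consults what the route itself requires.
function access_fail_open(Route $route, Account $account, ?string $permission = null): bool {
  if ($permission === null) {
    return true;
  }
  return $account->hasPermission($permission);
}

// Fail-closed pattern: fall back to the route's own requirement, and deny
// when no permission can be determined at all.
function access_fail_closed(Route $route, Account $account, ?string $permission = null): bool {
  $permission ??= $route->getRequirement('_permission'); // assumed key
  if ($permission === null || $permission === '') {
    return false;
  }
  return $account->hasPermission($permission);
}

// Constructed sample data: a protected route and two accounts.
$route = new Route(['_permission' => 'translate interface']);
$accounts = [
  'anonymous'  => new Account([]),
  'translator' => new Account(['translate interface']),
];

foreach ($accounts as $name => $account) {
  printf("%-10s fail-open=%s fail-closed=%s\n", $name,
    var_export(access_fail_open($route, $account), true),
    var_export(access_fail_closed($route, $account), true));
}
```

The useful regression test for a fix of this kind is the account with no permissions: it must be denied on the protected route even when the access callback receives no explicit permission argument.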