Entity cache - Critical - Information disclosure - SA-CONTRIB-2023-046

Project: Entity cache
Date: 2023-September-27
Security risk: Critical 16∕25
Vulnerability: Information disclosure

Description

Entity Cache puts core entities into Drupal's cache API.

A recent release of the module does not sanitize certain inputs appropriately. This can lead to unintended behavior when wildcard characters are included in the input.

The impact of this bug should be relatively minor in most configurations, but in worst-case scenarios it could lead to significant Access Bypass.

Solution

Install the latest version:

If you use the Entity cache module for Drupal 7.x, upgrade to Entity cache 7.x-1.7.
