drupal/core is vulnerable to information disclosure. The vulnerability exists due to a lack of input validation in the ImageStyleDownloadController.php
as it only restricts access to non-public files if stored in the private file directory, allowing an attacker to gain access to additional files in the system.
CPE | Name | Operator | Version |
---|---|---|---|
drupal/core | le | 10.0.0-alpha7 | |
drupal/core | le | 9.4.2 | |
drupal/core | le | 9.3.18 | |
drupal/core | le | 10.0.0-alpha7 | |
drupal/core | le | 9.4.2 | |
drupal/core | le | 9.3.18 |