The optional Paragraphs Library module allows the reuse of paragraphs in multiple places.
The module doesn't sufficiently restrict access to unpublished library items in lists.
This vulnerability is mitigated by the fact the paragraphs_library module must be in use, and that an attacker must have access to a list of library items, such as a field with autocomplete suggestions or a view.
Install the latest version:
- If you use the Paragraphs module for Drupal 8.x, upgrade to Paragraphs 8.x-1.21
- Pierre Rudloff (prudloff) of the Drupal Security Team
- Sascha Grossenbacher (berdir)
- Pierre Rudloff (prudloff) of the Drupal Security Team
- Greg Knaddison (greggles) of the Drupal Security Team
- Pierre Rudloff (prudloff) of the Drupal Security Team