The Entity API module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties.
The module prints debugging information to the HTML output under certain error conditions, which causes an information disclosure vulnerability.
This vulnerability is mitigated by the fact that an attacker needs to be able to trigger the error condition in a way that exposes protected data.
Install the latest version:
- If you use the Entity API module for Drupal 7.x, upgrade to Entity API 7.x-1.9
- Michael Hess of the Drupal Security Team