Project: 
Views (for Drupal 7)
Date: 
2019-March-13
Security risk: 
Moderately critical 10∕25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: 
Information Disclosure
Description: 

This module enables you to create customized lists of data.

The module doesn't sufficiently protect against argument definitions failing.

This vulnerability is mitigated by the fact that a view must have custom PHP code used as a field validator.

Solution: 

Install the latest version:

  • If you use the Views module for Drupal 7.x, upgrade to Views 7.x-3.21

Also see the Views project page.

Reported By: 
Fixed By: 
Coordinated By: 

Additional information

Note: Drupal issues individual security advisories for separate vulnerabilities included in a release, rather than lumping "multiple vulnerabilities" into a single advisory. All advisories released today for Views: