This module enables you to build searches using a wide range of features, data sources and backends.
The module doesn't in all cases correctly detect whether a given search is active on the current page, leading to potential information disclosure for some setups.
This vulnerability is mitigated by the fact that only very specific setups will have this problem and there is no way for an attacker to trigger it.
Install the latest version:
- If you use the Search API module for Drupal 9.x/10.x, upgrade to Search API 8.x-1.27
- Gerhard Killesreiter of the Drupal Security Team
- Joris Vercammen
- Markus Kalkbrenner
- Thomas Seidl
- Damien McKenna of the Drupal Security Team
- Michael Hess of the Drupal Security Team