Project:
Image Sizes
Date:
2024-May-29
Vulnerability:
Access bypass
Affected versions:
<3.0.2
CVE IDs:
CVE-2024-13259
Description:
This module enables you to create responsive image styles that depend on the parent element's width.
The module doesn't sufficiently check access to rendered images, resulting in access bypass vulnerabilities in specific scenarios.
Solution:
Install the latest version.
- If you use the Image Sizes module for Drupal 10, upgrade to Image Sizes 3.0.2.
Reported By:
Fixed By:
- Dezső Biczó
- Pascal Crott
- Juraj Nemec of the Drupal Security Team
Coordinated By:
- Juraj Nemec of the Drupal Security Team
- Neil Drumm of the Drupal Security Team
- Michael Hess of the Drupal Security Team