This module provides a field where editors can add videos to their content, and offers functionality to transcode these videos to different sizes and formats.
The module doesn't sufficiently sanitize some user input on administrative forms.
This module enables you to create customized lists of data.
The module doesn't sufficiently sanitize certain field types, leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that a view must display a field with the format "Full data (serialized)" and an attacker must have the ability to store malicious markup in that field.
This module enables you to create customized lists of data.
The module doesn't properly build queries when used with exposed filters, leading to a possible information disclosure vulnerability in certain rare circumstances.
This vulnerability is mitigated by the fact that a view must have an exposed filter on a field that is used on multiple entity types, both of which are included in the view.
This module addresses the General Data Protection Regulation (GDPR) that came into effect on 25th May 2018, and the EU Directive on Privacy and Electronic Communications from 2012. It provides a banner where you can gather consent from the user when the website stores cookies on their computer or otherwise handles their personal information.
The Ubercart module provides a shopping cart and e-commerce features for Drupal.
The taxes module doesn't sufficiently protect the tax rate cloning feature. A malicious user could trick a store administrator into duplicating an existing tax rate by getting them to visit a specially-crafted URL.
The DvG distribution contains the feature module dvg_domains to support multiple domains.
When the dvg_domains feature module is enabled, anonymous users are able to access some administration pages and change the settings exposed on those pages.
This issue can be mitigated by disabling the dvg_domains module.
The Rabbit Hole module allows administrators to control what should happen when a regular user tries to view an entity at its own page; for example, it may deliver a 403 Access Denied or 404 Page Not Found response, or redirect the user to another path.
The module doesn't respect the Rabbit Hole settings when an entity is being requested with a certain header. This could lead to certain data being exposed even if it shouldn't be. The vulnerability is mitigated by the fact that the user also needs permission to view the content being requested.
This module enables you to manage contextual conditions and reactions for different portions of your site.
The module doesn't sufficiently sanitize user output when displayed, leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have the ability to store malicious markup in the site (e.g. permission to create a node with a field that accepts "filtered html").