Data field - Moderately critical - Access bypass - SA-CONTRIB-2023-040

Project: Data fieldVersion: 2023-August-23Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Access bypassAffected versions: <1.0.16Description: The Data Field module provides a way of building field types that are made up of other fields, a simpler alternative to e.g. the Paragraphs system.
Access to these forms isn't properly validated, allowing a user with the "access content" permission to view and edit fields on entities.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article