Decoupled Router - Critical - Access bypass - SA-CONTRIB-2018-071

Project: Decoupled Router
Version: 8.x-1.18.x-1.0
Date: 2018-October-31
Security risk: Critical 15∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass
Description: This module enables you to resolve the provided Drupal path in order to find the canonical path and information about the resolved entity. This information includes entity type ID, entity ID, entity UUID and entity label.
The module doesn't sufficiently check access before displaying entity labels. This leads to the display of labels on entities that are not accessible, for example, titles of unpublished content.
Solution: Install the latest version:

Also see the Decoupled Router project page.
Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2018-071
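
The missing check described in this advisory, as an added illustration (not the module's code or its actual patch): a path resolver that copies the entity label into its response, next to a version that includes the label only after a view-access check. `StubEntity`, `resolveUnchecked`, `resolveChecked`, the `editor` role and the sample values are hypothetical stand-ins; in Drupal the decision would come from the entity's `access()` method.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a Drupal entity (constructed sample, PHP 8+).
final class StubEntity
{
    public function __construct(
        public string $type,
        public int $id,
        public string $uuid,
        public string $label,
        public bool $published
    ) {}

    // Simplified access rule for this example: unpublished entities are
    // viewable only by accounts holding the hypothetical 'editor' role.
    public function access(string $operation, array $roles): bool
    {
        return $operation === 'view'
            && ($this->published || in_array('editor', $roles, true));
    }
}

// "Before": the label is copied into the response with no access check.
function resolveUnchecked(StubEntity $e): array
{
    return ['type' => $e->type, 'id' => $e->id, 'uuid' => $e->uuid, 'label' => $e->label];
}

// "After": the label is added only when the requester may view the entity.
function resolveChecked(StubEntity $e, array $roles): array
{
    $out = ['type' => $e->type, 'id' => $e->id, 'uuid' => $e->uuid];
    if ($e->access('view', $roles)) {
        $out['label'] = $e->label;
    }
    return $out;
}

// Constructed sample: an unpublished node requested by an anonymous user.
$draft = new StubEntity('node', 42, '00000000-0000-4000-8000-000000000042', 'Unpublished draft title', false);
$anonymous = [];

var_dump(array_key_exists('label', resolveUnchecked($draft)));           // unchecked resolver, anonymous
var_dump(array_key_exists('label', resolveChecked($draft, $anonymous))); // checked resolver, anonymous
var_dump(array_key_exists('label', resolveChecked($draft, ['editor']))); // checked resolver, editor
```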