Project Ricochet's top notch developers, designers and PM’s allowed us to bring our vision of an e-commerce style class search to life. We had a tight budget and a lot of unexpected problems on the Berkeley side. Utilizing Ricochet's state of the art tracking tools and disciplined scrum approach allowed us to surmount every challenge and end up with a fantastic application. We loved the creative collaboration that allowed us to remake a boring campus class schedule into a high-octane search tool that our students and faculty love! Thank you Casey and the whole PR team!
—Johanna Metzgar

Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069

Wed, 2024-12-04 07:13 — Anonymous (not verified)

Project: Download All FilesDate: 2024-December-04Security risk: Critical 16 ∕ 25 AC:None/A:None/CI:Some/II:None/E:Proof/TD:AllVulnerability: Access bypassAffected versions: <2.0.2Description: This module provides a field formatter for the field type 'file' called `Table of files with download all link` .
The module had vulnerabilities allowing a user to download files they normally should not be able to download.Solution: Install the latest version:

If you use the Download All Files module, upgrade to 2.0.2 version

Reported By:

Fixed By:

Coordinated By:

Greg Knaddison of the Drupal Security Team
Damien McKenna of the Drupal Security Team
Ivo Van Geertruyen of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2024-069

Search form

Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069