As an academic group, we wanted to improve the look and feel of our website on a tight budget. The team at Project Ricochet was consistently responsive to our concerns and willing to help us meet our goals. They were transparent with their costs, which allowed us to pick and choose which features and changes we deemed most important. Thanks to this transparency, our new website is a substantial improvement over the old that we were able to achieve in a cost-effective fashion.
—Justin Inman, UCSF

Gutenberg - Less critical - Denial of Service - SA-CONTRIB-2023-009

Wed, 2023-03-08 09:46 — Anonymous (not verified)

Project: GutenbergDate: 2023-March-08Security risk: Less critical 8∕25 AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:AllVulnerability: Denial of ServiceDescription: This module provides a new UI experience for node editing - Gutenberg editor.
This vulnerability can cause DoS by using reusable blocks improperly.
This vulnerability is mitigated by the fact an attacker must have "use gutenberg" permission to exploit it.Solution: Install the latest version:

If you use the Gutenberg module versions 8.x-2.x, upgrade to Gutenberg 8.x-2.7

Reported By:

Eirik Morland

Fixed By:

Coordinated By:

Damien McKenna of the Drupal Security Team
Greg Knaddison of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2023-009

Search form

Gutenberg - Less critical - Denial of Service - SA-CONTRIB-2023-009