Ricochet has been an invaluable partner in the development of our Drupal sites. Working with Casey, he lent a critical eye to our requirements to understand the feature set and objectives. During development, he was able to propose alternative implementations or creative solutions which met the requirements in an elegant and efficient manner. All the while, Casey maintained perspective on the user experience, to ensure that the product was not only bug free, but also easy to use an navigate. Furthermore, I could rely on Casey to keep me informed of issues and status with timely updates.
—Casey C., Future US

SafeDelete - Moderately critical - Access bypass - SA-CONTRIB-2023-039

Wed, 2023-08-23 10:06 — Anonymous (not verified)

Project: SafeDeleteVersion: 1.0.431.0.421.0.411.0.401.0.391.0.381.0.361.0.351.0.341.0.331.0.321.0.311.0.301.0.291.0.281.0.271.0.261.0.251.0.241.0.231.0.221.0.211.0.201.0.191.0.181.0.171.0.161.0.151.0.141.0.131.0.121.0.111.0.101.0.91.0.81.0.71.0.51.0.41.0.31.0.21.0.11.0.0Date: 2023-August-23Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassAffected versions: <1.0.44Description: This module aims to prevent broken content references by informing content editors either on delete or archive moderation.
The module provides an "orphaned content" report for broken references, which may reveal titles of unpublished content.Solution: Install the latest version:

If you use the SafeDelete module for Drupal 8/9 or 10, please upgrade to SafeDelete 1.0.44

Reported By:

Christopher Hopper

Fixed By:

Joseph Olstad
Cathy Theys of the Drupal Security Team
James Yao
Christopher Hopper

Coordinated By:

Cathy Theys of the Drupal Security Team
Damien McKenna of the Drupal Security Team
Greg Knaddison of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2023-039

Search form

SafeDelete - Moderately critical - Access bypass - SA-CONTRIB-2023-039