Twig Field Value - Moderately critical - Access bypass - SA-CONTRIB-2022-058

Project: Twig Field ValueDate: 2022-October-12Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This module enables themers to get partial data from field render arrays. It gives them more control over the output without drilling deep into the render array or using preprocess functions.
The module doesn't sufficiently apply access restrictions when using the filters field_label, field_value, field_raw and field_target_entity.
This vulnerability is mitigated by the fact that these filters must be used in combination with either unpublished content or access control modules.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article