Unified Twig Extensions - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-041

Project: Unified Twig ExtensionsDate: 2023-August-30Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingAffected versions: <1.1.1Description: This module makes PatternLab's custom Twig functions available to Drupal theming.
The module's included examples don't sufficiently filter data.
This vulnerability is mitigated by the fact that the included examples must have been copied to a site's theme.Solution: Install the latest version:

• If you use the Unified Twig Extensions module, upgrade to Unified Twig Extensions 1.1.1

Reported By: 

• Pierre Rudloff

Fixed By: 

• Oleksandr Kuzava
• Pierre Rudloff

Coordinated By: 

• Damien McKenna of the Drupal Security Team