Views - Moderately critical - Information disclosure - SA-CONTRIB-2019-035

Project: ViewsVersion: 7.x-3.x-devDate: 2019-March-13Security risk: Moderately critical 10∕25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:UncommonVulnerability: Information disclosureDescription: This module enables you to create customized lists of data.
The module doesn't sufficiently build queries when used with exposed filters, leading to a possible information disclosure vulnerability in certain rare circumstances.
This vulnerability is mitigated by the fact that a view must have an exposed filter on a field that is used on multiple entity types, both of which are included in the view.Solution: Install the latest version:

  • If you use the Views module for Drupal 7.x, upgrade to Views 7.x-3.21

Also see the Views project page.Reported By: 

Fixed By: 

Coordinated By: 

Additional information
Note: Drupal issues individual security advisories for separate vulnerabilities included in a release, rather than lumping "multiple vulnerabilities" into a single advisory. All advisories released today for Views:

Path to article