Unauthorized access to files in drupal/ckeditor5_premium_features
Description
The module provides instant integration of the official CKEditor 5 Premium plugins into the Drupal editor configuration.
This module has a path traversal vulnerability, which allows an access bypass to restricted image files in the system.
The access bypass is possible for any account with the View published content permission, but the risk is mitigated by the fact that only images can be opened.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| packagist | 1.2.10, 1.3.6, 1.4.3, 1.5.1, 1.6.4 |
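
A check a site maintainer could run against `composer.lock`, as an added example that is not part of the advisory or the module's code. It assumes the versions in the table row are the first fixed release of each minor branch and that earlier releases on those branches are affected; the status names and the sample lock content are constructed.

```python
import json

PACKAGE = "drupal/ckeditor5_premium_features"
# Versions listed in the advisory table, read here as the first fixed
# release of each minor branch (assumption: the table row is incomplete).
FIXED = ["1.2.10", "1.3.6", "1.4.3", "1.5.1", "1.6.4"]


def parse(version):
    """Turn '1.4.2' or 'v1.4.2' into (1, 4, 2); None for anything else."""
    parts = version.lstrip("v").split(".")
    # Pre-releases ('1.4.3-beta1') and dev branches fail the digit check,
    # so they are never reported as patched by mistake.
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


FIXED_BY_BRANCH = {parse(v)[:2]: parse(v) for v in FIXED}


def classify(version):
    """Return 'patched', 'needs-update' or 'unlisted' for an installed version."""
    parsed = parse(version)
    if parsed is None:
        return "unlisted"
    fixed = FIXED_BY_BRANCH.get(parsed[:2])
    if fixed is None:  # branch not covered by the advisory table
        return "unlisted"
    return "patched" if parsed >= fixed else "needs-update"


def check_lock(lock_text):
    """Find the module in composer.lock content; None if it is not installed."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg["version"], classify(pkg["version"])
    return None


# Constructed composer.lock fragment, not taken from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "drupal/core", "version": "10.3.1"},
    {"name": PACKAGE, "version": "1.4.2"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

An `unlisted` result means the advisory table gives no fixed release for that branch, so the installed version has to be checked against the upstream advisory by hand.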