Search API - Moderately critical - Information Disclosure - SA-CONTRIB-2022-059

Project: Search API
Date: 2022-October-19
Security risk: Moderately critical 13∕25
Vulnerability: Information Disclosure

Description

This module enables you to build searches using a wide range of features, data sources and backends.

The module doesn't in all cases correctly detect whether a given search is active on the current page, leading to potential information disclosure for some setups.

This vulnerability is mitigated by the fact that only very specific setups will have this problem and there is no way for an attacker to trigger it.

Solution

Install the latest version:

If you use the Search API module for Drupal 9.x/10.x, upgrade to Search API 8.x-1.27

Nick Onom
Marketing Project Manager

Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

Drupal · Security

Search API - Moderately critical - Information Disclosure - SA-CONTRIB-2022-059

Description

Solution

We value your opinion. Please add your feedback.