Skip to content

Commit b72deb0

Browse files
feat: update advisories
1 parent a88177a commit b72deb0

1 file changed

Lines changed: 52 additions & 0 deletions

File tree

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.7.0",
3+
"id": "DRUPAL-CONTRIB-2026-008",
4+
"modified": "2026-02-04T17:23:40.000Z",
5+
"published": "2026-02-04T17:23:40.000Z",
6+
"aliases": [
7+
"CVE-2026-1917"
8+
],
9+
"details": "The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. \n( default: <http://example.com/user/login?admin> ) \nIf they provide the access key and have a specific role they can log in.\n\nThe module does not check for the access key when using the HTTP request login route. It is possible to use this route to log in without providing the access key.",
10+
"affected": [
11+
{
12+
"package": {
13+
"ecosystem": "Packagist:https://packages.drupal.org/8",
14+
"name": "drupal/login_disable"
15+
},
16+
"severity": [],
17+
"ranges": [
18+
{
19+
"type": "ECOSYSTEM",
20+
"events": [
21+
{
22+
"introduced": "0"
23+
},
24+
{
25+
"fixed": "2.1.3"
26+
}
27+
],
28+
"database_specific": {
29+
"constraint": "<2.1.3"
30+
}
31+
}
32+
],
33+
"database_specific": {
34+
"affected_versions": "<2.1.3"
35+
}
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://www.drupal.org/sa-contrib-2026-008"
42+
}
43+
],
44+
"credits": [
45+
{
46+
"name": "Pierre Rudloff (prudloff)",
47+
"contact": [
48+
"https://www.drupal.org/u/prudloff"
49+
]
50+
}
51+
]
52+
}

0 commit comments

Comments
 (0)