Thunder – Moderately critical – Access bypass – SA-CONTRIB-2023-007
Discription

Thunder is a Drupal distribution for professional publishing. The thunder distribution ships the thunder_gqls module which provides a graphql interface. The module doesn’t sufficiently check access when serving user data via graphql leading to an access bypass vulnerability potentially exposing email addresses.Read More

Back to Main

Subscribe for the latest news: