Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [Security-news] Advanced File Destination - Critical - Multiple vulnerabilities - SA-CONTRIB-2025-057

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [Security-news] Advanced File Destination - Critical - Multiple vulnerabilities - SA-CONTRIB-2025-057


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] Advanced File Destination - Critical - Multiple vulnerabilities - SA-CONTRIB-2025-057
  • Date: Wed, 14 May 2025 18:04:32 +0000 (UTC)
  • Authentication-results: lists.piratenpartei.de; dkim=pass header.d=drupal.org header.s=default header.b=QUPVj2d0; spf=pass (lists.piratenpartei.de: domain of security-news-bounces AT drupal.org designates 2605:bc80:3010::137 as permitted sender) smtp.mailfrom=security-news-bounces AT drupal.org; dmarc=pass (policy=none) header.from=drupal.org
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 55028416BC
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org B283F403A2
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>
View online: https://www.drupal.org/sa-contrib-2025-057

Project: Advanced File Destination [1]
Date: 2025-May-14
Security risk: *Critical* 15 ∕ 25 Critical 16 ∕ 25
AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:All [2]
Vulnerability: Multiple vulnerabilities

Affected versions: *
Description: 
The Advanced File Destination module enhances file upload management in
Drupal by allowing users to choose and create custom directories during file
uploads.

The module has multiple vulnerabilities that were reported through the Drupal
Security Team's coordinated vulnerability process. The project maintainer did
not follow the terms and conditions for hosting projects on drupal.org that
are opted into security coverage, so the module is losing its security
coverage. The private issues may be made public at the discretion of the
reporter and maintainer.


[1] https://www.drupal.org/project/advanced_file_destination
[2] https://www.drupal.org/security-team/risk-levels

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

  • [IT-SecNots] [Security-news] Advanced File Destination - Critical - Multiple vulnerabilities - SA-CONTRIB-2025-057, security-news, 14.05.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang