Alinks - Moderately Critical -Access bypass

* Advisory ID: DRUPAL-SA-CONTRIB-2017-058
* Project: Alinks (third-party module)
* Version: 8.x
* Date: 2017-August-02
* Security risk: 13/25 ( Moderately Critical)
* Vulnerability: Access bypass


This module enables you to automatically link keywords to specific URLs.

This module has an insufficient access check on the delete route.

Alinks uses the wrong permission for an access check.


* Alinks 8.x-1.x versions prior to 8.x-1.1.

Drupal core is not affected. If you do not use the contributed Alinks module, there is nothing you need to do.


Install the latest version:

* If you use the Alinks module for Drupal 8.x, upgrade to Alinks 8.x-1.1

Also see the Alinks project page:

Add new comment