View online: https://www.drupal.org/sa-contrib-2023-009
Project: Gutenberg [1]
Date: 2023-March-08
Security risk: *Less critical* 8∕25 AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:All [2]
Vulnerability: Denial of Service
Description: This module provides a new UI experience for node editing: the Gutenberg editor.
The vulnerability allows a denial of service (DoS) through improper use of reusable blocks.
It is mitigated by the fact that an attacker must have the "use gutenberg" permission to exploit it.
Solution: Install the latest version:
* If you use the Gutenberg module versions 8.x-2.x, upgrade to Gutenberg 8.x-2.7 [3]
Reported By:
* Eirik Morland [4]
Fixed By:
* Eirik Morland [5]
* Marco Fernandes [6]
* Stephan Zeidler [7]
Coordinated By:
* Damien McKenna [8] of the Drupal Security Team
* Greg Knaddison [9] of the Drupal Security Team
[1] https://www.drupal.org/project/gutenberg
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/gutenberg/releases/8.x-2.7
[4] https://www.drupal.org/user/1014468
[5] https://www.drupal.org/user/1014468
[6] https://www.drupal.org/user/2127558
[7] https://www.drupal.org/user/767652
[8] https://www.drupal.org/user/108450
[9] https://www.drupal.org/user/36762