View online: https://www.drupal.org/sa-contrib-2018-065 Project: Search API Solr Search [1] Version: 7.x-1.13 Date: 2018-October-10 Security risk: *Moderately critical* 10∕25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2] Vulnerability: Access bypass Description:  This module provides support for creating searches using the Apache Solr search engine and the Search API Drupal module. The module doesn't sufficiently take the searched fulltext fields into account when creating a search excerpt. This can, in specific cases, lead to confidential data being leaked as part of the search excerpt. Solution:  Install the latest version: * If you use the Search API Solr Search module for Drupal 7.x, upgrade to Search API Solr Search 7.x-1.14 [3] Also see the Search API Solr Search [4] project page. Reported By:  * Ronino [5] Fixed By:  * Thomas Seidl [6] * Markus Kalkbrenner [7] * Ronino [8] Coordinated By:  * Michael Hess [9] of the Drupal Security Team * Greg Knaddison [10] of the Drupal Security Team [1] https://www.drupal.org/project/search_api_solr [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/search_api_solr/releases/7.x-1.14 [4] https://www.drupal.org/project/search_api_solr [5] https://www.drupal.org/user/645948 [6] https://www.drupal.org/user/205582 [7] https://www.drupal.org/user/124705 [8] https://www.drupal.org/user/645948 [9] https://www.drupal.org/u/mlhess [10] https://www.drupal.org/u/greggles