From d723d3e54d34f4277151e0cad2ad8c76768d682e Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 1 Jul 2026 19:20:00 +0000
Subject: [PATCH] feat: update advisories

---
 .../canvas/DRUPAL-CONTRIB-2026-065.json | 94 +++++++++++++++++++
 .../canvas/DRUPAL-CONTRIB-2026-066.json | 94 +++++++++++++++++++
 .../colorbox/DRUPAL-CONTRIB-2026-069.json | 66 +++++++++++++
 .../flowdrop/DRUPAL-CONTRIB-2026-067.json | 52 ++++++++++
 .../flowdrop/DRUPAL-CONTRIB-2026-068.json | 52 ++++++++++
 5 files changed, 358 insertions(+)
 create mode 100644 advisories/canvas/DRUPAL-CONTRIB-2026-065.json
 create mode 100644 advisories/canvas/DRUPAL-CONTRIB-2026-066.json
 create mode 100644 advisories/colorbox/DRUPAL-CONTRIB-2026-069.json
 create mode 100644 advisories/flowdrop/DRUPAL-CONTRIB-2026-067.json
 create mode 100644 advisories/flowdrop/DRUPAL-CONTRIB-2026-068.json

diff --git a/advisories/canvas/DRUPAL-CONTRIB-2026-065.json b/advisories/canvas/DRUPAL-CONTRIB-2026-065.json
new file mode 100644
index 00000000..24094ccb
--- /dev/null
+++ b/advisories/canvas/DRUPAL-CONTRIB-2026-065.json
@@ -0,0 +1,94 @@
+{
+ "schema_version": "1.7.0",
+ "id": "DRUPAL-CONTRIB-2026-065",
+ "modified": "2026-07-01T17:20:16.000Z",
+ "published": "2026-07-01T17:20:16.000Z",
+ "aliases": [
+ "CVE-2026-58587"
+ ],
+ "details": "The Canvas AI submodule allows you to upload image files via a custom API to use within the AI web chat.\n\nThese file uploads are insufficiently validated before being written to Drupal's temporary directory. In some cases, this may lead to cross-site scripting (XSS).",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist:https://packages.drupal.org/8",
+ "name": "drupal/canvas"
+ },
+ "severity": [],
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.4.2"
+ }
+ ],
+ "database_specific": {
+ "constraint": "<1.4.2"
+ }
+ },
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.5.0"
+ },
+ {
+ "fixed": "1.5.2"
+ }
+ ],
+ "database_specific": {
+ "constraint": ">=1.5.0 <1.5.2"
+ }
+ },
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.6.0"
+ },
+ {
+ "fixed": "1.6.1"
+ }
+ ],
+ "database_specific": {
+ "constraint": ">=1.6.0 <1.6.1"
+ }
+ },
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.7.0"
+ },
+ {
+ "fixed": "1.7.1"
+ }
+ ],
+ "database_specific": {
+ "constraint": ">=1.7.0 <1.7.1"
+ }
+ }
+ ],
+ "database_specific": {
+ "affected_versions": "<1.4.2 || >=1.5.0 <1.5.2 || >=1.6.0 <1.6.1 || >=1.7.0 <1.7.1"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://www.drupal.org/sa-contrib-2026-065"
+ }
+ ],
+ "credits": [
+ {
+ "name": "AKHIL BABU (akhil babu)",
+ "contact": [
+ "https://www.drupal.org/u/akhil-babu"
+ ]
+ }
+ ]
+}
diff --git a/advisories/canvas/DRUPAL-CONTRIB-2026-066.json b/advisories/canvas/DRUPAL-CONTRIB-2026-066.json
new file mode 100644
index 00000000..cd4fc255
--- /dev/null
+++ b/advisories/canvas/DRUPAL-CONTRIB-2026-066.json
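Review bot: `"severity": []` is written on the single affected entry of this file and, identically, in the other four files of this commit (066, 069, 067, 068). OSV treats `severity` as optional, so an empty array tells a consumer nothing and leaves prioritization tooling with no score to rank on; the generator should either omit the key when it has no score or populate it from the source advisory if one is exposed. Whether the upstream feed carries a usable score is not visible from this diff.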
@@ -0,0 +1,94 @@
+{
+ "schema_version": "1.7.0",
+ "id": "DRUPAL-CONTRIB-2026-066",
+ "modified": "2026-07-01T17:21:09.000Z",
+ "published": "2026-07-01T17:21:09.000Z",
+ "aliases": [
+ "CVE-2026-58588"
+ ],
+ "details": "The Canvas module allow you to upload image files via a custom API.\n\nThe validation rules check the file extension of the uploaded file but not the file MIME type. This may allow a malicious user to upload a file that is not an image.\n\nCertain web-server configurations may serve the uploaded file with its actual MIME type rather than an image type. This may lead to cross-site scripting (XSS) or other unexpected behavior.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist:https://packages.drupal.org/8",
+ "name": "drupal/canvas"
+ },
+ "severity": [],
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.4.2"
+ }
+ ],
+ "database_specific": {
+ "constraint": "<1.4.2"
+ }
+ },
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.5.0"
+ },
+ {
+ "fixed": "1.5.2"
+ }
+ ],
+ "database_specific": {
+ "constraint": ">=1.5.0 <1.5.2"
+ }
+ },
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.6.0"
+ },
+ {
+ "fixed": "1.6.1"
+ }
+ ],
+ "database_specific": {
+ "constraint": ">=1.6.0 <1.6.1"
+ }
+ },
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "1.7.0"
+ },
+ {
+ "fixed": "1.7.1"
+ }
+ ],
+ "database_specific": {
+ "constraint": ">=1.7.0 <1.7.1"
+ }
+ }
+ ],
+ "database_specific": {
+ "affected_versions": "<1.4.2 || >=1.5.0 <1.5.2 || >=1.6.0 <1.6.1 || >=1.7.0 <1.7.1"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://www.drupal.org/sa-contrib-2026-066"
+ }
+ ],
+ "credits": [
+ {
+ "name": "Christian L\u00f3pez Esp\u00ednola (penyaskito)",
+ "contact": [
+ "https://www.drupal.org/u/penyaskito"
+ ]
+ }
+ ]
+}
diff --git a/advisories/colorbox/DRUPAL-CONTRIB-2026-069.json b/advisories/colorbox/DRUPAL-CONTRIB-2026-069.json
new file mode 100644
index 00000000..4985e734
--- /dev/null
+++ b/advisories/colorbox/DRUPAL-CONTRIB-2026-069.json
@@ -0,0 +1,66 @@
+{
+ "schema_version": "1.7.0",
+ "id": "DRUPAL-CONTRIB-2026-069",
+ "modified": "2026-07-01T18:36:44.000Z",
+ "published": "2026-07-01T17:24:05.000Z",
+ "aliases": [
+ "CVE-2026-58591"
+ ],
+ "details": "The Colorbox module integrates with the Colorbox JavaScript library to display content in an overlay above the page.\n\nThe module doesn't sufficiently protect against injection of malicious JavaScript under certain scenarios.\n\nThis vulnerability is mitigated by the fact that an attacker must have a role that permits them to enter HTML content.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist:https://packages.drupal.org/8",
+ "name": "drupal/colorbox"
+ },
+ "severity": [],
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2.1.5"
+ }
+ ],
+ "database_specific": {
+ "constraint": "< 2.1.5"
+ }
+ },
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2.2.0"
+ },
+ {
+ "last_affected": "2.2.0"
+ }
+ ],
+ "database_specific": {
+ "constraint": "2.2.0"
+ }
+ }
+ ],
+ "database_specific": {
+ "affected_versions": "< 2.1.5 || 2.2.0"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://www.drupal.org/sa-contrib-2026-069"
+ }
+ ],
+ "credits": [
+ {
+ "name": "Pierre Rudloff (prudloff)",
+ "contact": [
+ "https://www.drupal.org/u/prudloff"
+ ]
+ }
+ ]
+}
diff --git a/advisories/flowdrop/DRUPAL-CONTRIB-2026-067.json b/advisories/flowdrop/DRUPAL-CONTRIB-2026-067.json
new file mode 100644
index 00000000..4aa08c80
--- /dev/null
+++ b/advisories/flowdrop/DRUPAL-CONTRIB-2026-067.json
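Review bot: The constraint strings in this file, `"constraint": "< 2.1.5"` and `"affected_versions": "< 2.1.5 || 2.2.0"`, put a space after the operator, whereas every other advisory in this commit writes the unspaced form (`"<1.4.2"`, `"<1.6.0"`). A consumer that tokenizes `database_specific.constraint` expecting the unspaced form may mis-read or reject this one, so the generator should normalize operator spacing before writing rather than passing the upstream text through verbatim. The second range, with `introduced` and `last_affected` both `2.2.0`, is the correct OSV shape for a single unfixed release, but it means 2.2.1 and later will be matched as unaffected; confirm that no later 2.2.x release is still vulnerable, which this diff cannot show.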
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.7.0",
+ "id": "DRUPAL-CONTRIB-2026-067",
+ "modified": "2026-07-01T17:21:57.000Z",
+ "published": "2026-07-01T17:21:57.000Z",
+ "aliases": [
+ "CVE-2026-58589"
+ ],
+ "details": "This module enables you to test and run AI-driven workflows interactively through a chat interface.\n\nThe module doesn't sufficiently enforce permissions on certain endpoints. Attackers may be able to trigger workflow execution (incurring LLM spend and tool side effects) or send messages into other user's sessions.\n\nThis vulnerability is mitigated by the fact that an attacker must have the permission \"View any session\", which is not granted to anonymous or authenticated users by default.",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist:https://packages.drupal.org/8",
+ "name": "drupal/flowdrop"
+ },
+ "severity": [],
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.6.0"
+ }
+ ],
+ "database_specific": {
+ "constraint": "<1.6.0"
+ }
+ }
+ ],
+ "database_specific": {
+ "affected_versions": "<1.6.0"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://www.drupal.org/sa-contrib-2026-067"
+ }
+ ],
+ "credits": [
+ {
+ "name": "Aincient Labs (aincient labs)",
+ "contact": [
+ "https://www.drupal.org/u/aincient-labs"
+ ]
+ }
+ ]
+}
diff --git a/advisories/flowdrop/DRUPAL-CONTRIB-2026-068.json b/advisories/flowdrop/DRUPAL-CONTRIB-2026-068.json
new file mode 100644
index 00000000..18c72578
--- /dev/null
+++ b/advisories/flowdrop/DRUPAL-CONTRIB-2026-068.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.7.0",
+ "id": "DRUPAL-CONTRIB-2026-068",
+ "modified": "2026-07-01T17:22:46.000Z",
+ "published": "2026-07-01T17:22:46.000Z",
+ "aliases": [
+ "CVE-2026-58590"
+ ],
+ "details": "This module enables you to test and run AI-driven workflows interactively through a chat interface.\n\nThe module doesn't sufficiently re-evaluate a human-in-the-loop approval gate where the workflow iterates more than once. This may result in execution of workflows that were not intended by the user.\n\nThis vulnerability is mitigated by the fact that an attacker must have a role with the permission \"Administer FlowDrop workflows\" (or the equivalent \"Create FlowDrop workflows\" / \"Edit FlowDrop workflows\" permissions).",
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist:https://packages.drupal.org/8",
+ "name": "drupal/flowdrop"
+ },
+ "severity": [],
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.6.0"
+ }
+ ],
+ "database_specific": {
+ "constraint": "<1.6.0"
+ }
+ }
+ ],
+ "database_specific": {
+ "affected_versions": "<1.6.0"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://www.drupal.org/sa-contrib-2026-068"
+ }
+ ],
+ "credits": [
+ {
+ "name": "Aincient Labs (aincient labs)",
+ "contact": [
+ "https://www.drupal.org/u/aincient-labs"
+ ]
+ }
+ ]
+}