Drupal Canvas
A Server-Side Request Forgery (SSRF) vulnerability exists in Drupal Canvas versions prior to 1.1.1, allowing attackers to manipulate the server into making unauthorized requests to internal or external resources. This vulnerability affects all Drupal Canvas installations from version 0.0.0 through 1.1.0, enabling attackers to access sensitive internal services, bypass network segmentation, or exfiltrate data. No CVSS score, EPSS data, or public proof-of-concept information is currently available, though the vulnerability has been formally documented by the Drupal security team.
Improper authorization controls in Drupal Canvas versions before 1.0.4 enable attackers to bypass access restrictions and enumerate or access restricted resources through direct browsing. The vulnerability requires specific conditions to exploit (high attack complexity) but can be exploited by any unauthenticated user with network access. Currently, no patch is publicly available and exploitation activity has not been confirmed.