—
DRUPAL-CONTRIB-2026-065
상세
The Canvas AI submodule allows you to upload image files via a custom API to use within the AI web chat.
These file uploads are insufficiently validated before being written to Drupal's temporary directory. In some cases, this may lead to cross-site scripting (XSS).
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
Packagist:https://packages.drupal.org/8 / drupal/canvas
최초 영향 버전:
0 수정 버전: 1.4.2 Upgrade drupal/canvas to 1.4.2 or newer (ecosystem packagist:https://packages.drupal.org/8).