Entity cache - Critical - Information disclosure - SA-CONTRIB-2023-046
Project: Entity cache Date: 2023-September-27 Security risk: Critical 16∕25 Vulnerability: Information disclosure
Entity Cache puts core entities into Drupal's cache API.
A recent release of the module does not sanitize certain inputs appropriately. This can lead to unintended behavior when wildcard characters are included in the input.
The impact of this bug should be relatively minor in most configurations, but in worst-case scenarios it could lead to significant Access Bypass.
Install the latest version:
If you use the Entity cache module for Drupal 7.x, upgrade to Entity cache 7.x-1.7.