CVE-2024-13312

EPSS 0.55%

Published: 12/11/2024Modified: 3/18/2026

Also known as:DRUPAL-CONTRIB-2024-076

Description

Open Social is a Drupal distribution for online communities, which ships with a default (optional) module social\_file\_private to ensure the images and files provided by the distribution are stored in the private instead of the public filesystem. For installations of Open Social prior to version 11.8.0, after updating to 11.8.0 or higher, newly uploaded files were no longer stored in the private file system as intended. Instead, they were stored in the public file system.

Affected packages (1)

Packagist/drupal/social>= 11.8.0, < 12.3.10 | >= 12.4.0, < 12.4.9

References (1)

WEBhttps://www.drupal.org/sa-contrib-2024-076