From b72deb0fb6a72689c6db50bc3573fe1c79dad37d Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 4 Feb 2026 18:20:04 +0000 Subject: [PATCH] feat: update advisories --- .../DRUPAL-CONTRIB-2026-008.json | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 advisories/login_disable/DRUPAL-CONTRIB-2026-008.json diff --git a/advisories/login_disable/DRUPAL-CONTRIB-2026-008.json b/advisories/login_disable/DRUPAL-CONTRIB-2026-008.json new file mode 100644 index 00000000..afe6d96f --- /dev/null +++ b/advisories/login_disable/DRUPAL-CONTRIB-2026-008.json @@ -0,0 +1,52 @@ +{ + "schema_version": "1.7.0", + "id": "DRUPAL-CONTRIB-2026-008", + "modified": "2026-02-04T17:23:40.000Z", + "published": "2026-02-04T17:23:40.000Z", + "aliases": [ + "CVE-2026-1917" + ], + "details": "The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. \n( default: ) \nIf they provide the access key and have a specific role they can log in.\n\nThe module does not check for the access key when using the HTTP request login route. It is possible to use this route to log in without providing the access key.", + "affected": [ + { + "package": { + "ecosystem": "Packagist:https://packages.drupal.org/8", + "name": "drupal/login_disable" + }, + "severity": [], + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.1.3" + } + ], + "database_specific": { + "constraint": "<2.1.3" + } + } + ], + "database_specific": { + "affected_versions": "<2.1.3" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://www.drupal.org/sa-contrib-2026-008" + } + ], + "credits": [ + { + "name": "Pierre Rudloff (prudloff)", + "contact": [ + "https://www.drupal.org/u/prudloff" + ] + } + ] +}