drupal/ai is vulnerable to Access Bypass
50
Medium Risk
The Drupal AI Core Actions module contains an access control vulnerability where certain exposed Drupal core action tools do not properly validate permissions, and some actions lack required access-level definitions. This issue only affects sites that expose the affected tools to non-privileged users through an agent accessible to attackers.
You are affected if you are using a version that falls within the vulnerable range.
drupal/ai is vulnerable to Access Bypass in versions 0.0.1 - 1.2.16, 1.3.0 - 1.3.7 and 1.4.0 - 1.4.2.
Upgrade the drupal/ai library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant