This module enables you to configure a wiki-like input filter that allows users to create links to site and external content.
The module doesn't sufficiently check if a user has access to some URLs before rendering them as links.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access content" (which is commonly assigned to all roles), and the site must be configured to disallow access to certain content.
Install the latest version:
- If you use the freelinking module 4.0.x, upgrade to freelinking 4.0.1
- If you use the freelinking module 8.x-3.x, upgrade to freelinking 4.0.1, as the 8.x-3.x branch is now unsupported
- Greg Knaddison of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
- Juraj Nemec of the Drupal Security Team