Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution

Published: May 15, 2024
Updated: Jun 27, 2024
GHSA: <a href="https://github.com/advisories/GHSA-jjx7-8462-w4m4" target="_blank" rel="noopener"> GHSA-jjx7-8462-w4m4
Severity: Critical
Exploit:

The Contextual Links module doesn't sufficiently validate the requested contextual links. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links".