{"id":"DRUPAL-CONTRIB-2022-059","details":"This module enables you to build searches using a wide range of features, data sources and backends.\n\nThe module doesn't in all cases correctly detect whether a given search is active on the current page, leading to potential information disclosure for some setups.\n\nThis vulnerability is mitigated by the fact that only very specific setups will have this problem and there is no way for an attacker to trigger it.","modified":"2025-12-10T23:33:26.838119Z","published":"2022-10-19T20:28:24Z","references":[{"type":"WEB","url":"https://www.drupal.org/sa-contrib-2022-059"}],"affected":[{"package":{"name":"drupal/search_api","ecosystem":"Packagist:https://packages.drupal.org/8","purl":"pkg:composer/drupal/search_api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.27.0"}],"database_specific":{"constraint":"\u003c1.27.0"}}],"database_specific":{"source":"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/search_api/DRUPAL-CONTRIB-2022-059.json","affected_versions":"\u003c1.27.0"}}],"schema_version":"1.7.3","credits":[{"name":"Markus Kalkbrenner","contact":["https://www.drupal.org/user/124705"]}]}