{"id":"DRUPAL-CORE-2019-008","details":"In Drupal 8.7.4, when the [experimental](https://www.drupal.org/core/experimental#beta) Workspaces module is enabled, an access bypass condition is created.\n\nThis can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.\n\nDrupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are **not** affected.","aliases":["CVE-2019-6342","GHSA-xq62-62c9-22mg"],"modified":"2025-12-10T23:41:17.020713Z","published":"2019-07-17T16:05:11Z","references":[{"type":"WEB","url":"https://www.drupal.org/sa-core-2019-008"}],"affected":[{"package":{"name":"drupal/core","ecosystem":"Packagist","purl":"pkg:composer/drupal/core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.7.4"},{"fixed":"8.7.5"}],"database_specific":{"constraint":"\u003e=8.7.4 \u003c8.7.5"}}],"versions":["8.7.4"],"database_specific":{"source":"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/core/DRUPAL-CORE-2019-008.json","affected_versions":"\u003e=8.7.4 \u003c8.7.5"}}],"schema_version":"1.7.3","credits":[{"name":"Dave Botsch","contact":["https://www.drupal.org/user/3534164"]}]}