Artem Dmitriiev

**Name of the Vulnerable Software and Affected Versions** Drupal AI versions 0.0.0 through 1.1.10 Drupal AI versions 1.2.0 through 1.2.11 **Description** An incorrect authorization issue exists in Drupal AI (Artificial Intelligence) that allows for resource injection. The module and certain submodules (AI Automators, AI Translate, AI API Explorer, AI Content Suggestions) allow the use of a Large Language Model (LLM) to generate HTML or Markdown, and preview it in a browser. Under specific conditions, rendering this HTML can expose secret communications related to the LLM request. **Recommendations** Update Drupal AI to version 1.1.11 or later. Update Drupal AI to version 1.2.12 or later.