Dan Wilga

**Name of the Vulnerable Software and Affected Versions** Drupal Monster Menus versions 0.0.0 through 9.3.3 Drupal Monster Menus versions 9.4.0 through 9.4.1 **Description** The issue is related to the deserialization of untrusted data, which allows object injection. This can potentially enable a remote attacker to execute arbitrary code. **Recommendations** For versions 0.0.0 through 9.3.3, update to version 9.3.4 or later. For versions 9.4.0 through 9.4.1, update to version 9.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** Monster Menus versions 0.0.0 through 9.3.1 **Description** The issue is related to insufficient authorization mechanisms in the Monster Menus module of the Drupal CMS, allowing a remote attacker to disclose protected information and impact the integrity of protected information. This can lead to forceful browsing, where an attacker can access unauthorized areas of the system. **Recommendations** For Monster Menus versions 0.0.0 through 9.3.1, update to version 9.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Monster Menus module versions 7.x-1.21 through 7.x-1.23 **Description** The issue concerns the recycle bin feature in the Monster Menus module for Drupal, which fails to properly remove nodes from view. This allows remote attackers to obtain sensitive information via an unspecified URL pattern. **Recommendations** For Monster Menus module versions 7.x-1.21 through 7.x-1.23, update to version 7.x-1.24 or later to resolve the issue.