Devin Zuczek

**Name of the Vulnerable Software and Affected Versions** File Entity versions 7.X-* before 7.X-2.39 **Description** The issue allows for the insertion of sensitive information into sent data, enabling forceful browsing. This can lead to the disclosure of protected information. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Technical details about exploitation include the potential for an attacker to reveal sensitive information. **Recommendations** For versions 7.X-* before 7.X-2.39, update to version 7.X-2.39 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information in the File Entity module until a patch is applied. Avoid using the File Entity module for sensitive data transmission until the issue is resolved.