Matt Glaman

**Name of the Vulnerable Software and Affected Versions** Drupal Canvas versions prior to 1.0.4 **Description** The Drupal Canvas module has an authorization issue that allows forceful browsing of Canvas Pages when they are unpublished. The module does not adequately validate access to Canvas Pages, potentially allowing unauthorized access. This is mitigated by the fact that content moderation is not enabled by default and archiving is not a feature of the module. **Recommendations** Update to Drupal Canvas version 1.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Acquia DAM versions 0.0.0 through 1.0.12 Acquia DAM versions 1.1.0 through 1.1.0-beta2 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Acquia DAM module of the Drupal CMS system. This vulnerability can be exploited by a remote attacker to perform a CSRF attack or cause a denial of service. **Recommendations** For Acquia DAM versions 0.0.0 through 1.0.12, update to version 1.0.13 or later. For Acquia DAM versions 1.1.0 through 1.1.0-beta2, update to version 1.1.0-beta3 or later. As a temporary workaround, consider restricting access to the `Acquia DAM` module to minimize the risk of exploitation.