:warning: We detected 11 security issues in this pull request:
Hard-Coded Secrets (1)
Severity | Details | Docs
:-: | :-- | :-:
Medium | Title: **Secret Keyword** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/user/config/install/user.mail.yml#L34 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#SecretKeyword)
More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr).
---
Information Disclosure (1)
Severity | Details | Docs
:-: | :-- | :-:
Medium | Title: **Use of phpinfo()** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/system/src/Controller/SystemInfoController.php#L62 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/information-disclosure.html?utm_source=ghpr#phpinfo-use)
More info on how to fix Information Disclosure in [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/information-disclosure.html?utm_source=ghpr).
---
Insecure Access Control (1)
Severity | Details | Docs
:-: | :-- | :-:
Low | Title: **Insecure HTTP redirect** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/.ht.router.php#L29 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_access_control.html?utm_source=ghpr#http-redirect-gr)
More info on how to fix Insecure Access Control in [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_access_control.html?utm_source=ghpr).
---
Insecure Processing of Data (2)
Severity | Details | Docs
:-: | :-- | :-:
Medium | Title: **Unescaped user input in HTML** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.es6.js#L652 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.lang.taint-frontend-html-injection)
Medium | Title: **Unescaped user input in HTML** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.js#L291 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.lang.taint-frontend-html-injection)
More info on how to fix Insecure Processing of Data in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr).
---
Insecure Use of Dangerous Function (6)
Severity | Details | Docs
:-: | :-- | :-:
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.admin.es6.js#L328 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.admin.es6.js#L737 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.admin.js#L184 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/modules/ckeditor5/js/ckeditor5.admin.js#L386 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/themes/olivero/js/second-level-navigation.es6.js#L81 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
Medium | Title: **Dynamic evaluation of untrusted input (Frontend)** https://github.com/pantheon-systems/drops-8/blob/8da4b9f5a8b97c6ff62f45ee06faa526f3d9221c/core/themes/olivero/js/second-level-navigation.js#L38 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend)
More info on how to fix Insecure Use of Dangerous Function in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr).
Update from Drupal 9.1.0 to Drupal 9.5.10.
This is experimental. Do not merge.