Drupal Symfony Mailer Lite – Moderately critical – Cross Site Request Forgery – SA-CONTRIB-2024-014

Drupal Security Advisory

Date: 2024-February-28
Vulnerability: Cross Site Request Forgery
Affected versions: <1.0.6
Description: 

The module doesn’t sufficiently protect against malicious links, which means an attacker can trick an administrator into performing unwanted actions.

This vulnerability is mitigated by the fact that the set of unwanted actions is limited to specific configurations.

Solution: 

Upgrade to Symfony Mailer Lite 1.0.6 and rebuild Drupal’s cache.

Reported By: 
Fixed By: 
Coordinated By: 
