drupal | Drupal Security Team | DRUPAL-SA-CONTRIB-2023-025
Jun 28, 2023 - 12:00 a.m.

Mailchimp - Critical - Cross Site Request Forgery - SA-CONTRIB-2023-025

www.drupal.org
Tags: mailchimp, integration, csrf, vulnerability, oauth, authentication, attack, software

This module provides integration with Mailchimp, a popular email delivery service. A route related to OAuth authentication is not protected against a Cross Site Request Forgery attack.

Affected configurations

Vulners
Node: drupal mailchimp, Range: <2.2.2

Vendor | Product | Version | CPE
drupal | mailchimp | * | cpe:2.3:a:drupal:mailchimp:*:*:*:*:*:*:*:*