Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014

2024-02-2800:00:00

Drupal Security Team

www.drupal.org

drupal

symfony

mailer lite

cross site request forgery

sa-contrib-2024-014

security

administrator

configuration

7 High

AI Score

Confidence

Low

JSON

The module doesn’t sufficiently protect against malicious links, which means an attacker can trick an administrator into performing unwanted actions. This vulnerability is mitigated by the fact that the set of unwanted actions is limited to specific configurations.

Affected configurations

Vulners

Node

drupalsymfony_mailer_liteRange<1.0.6

CPENameOperatorVersion
symfony mailer litelt1.0.6

CPE	Name	Operator	Version
	symfony mailer lite	lt	1.0.6

References

www.drupal.org/project/symfony_mailer_lite/releases/1.0.6

www.drupal.org/user/272316

www.drupal.org/user/2986445

www.drupal.org/user/326925

www.drupal.org/user/36762

www.drupal.org/user/395439

7 High

AI Score

Confidence

Low

JSON