drupal/core is vulnerable to insecure validation. Lack of secure validation for certain contributed or custom modules’ forms allows injection of disallowed values or overwrite data.
github.com/drupal/core/commit/d156ce760011fb36f1312986968120372d9384c2
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
lists.fedoraproject.org/archives/list/[email protected]/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/
lists.fedoraproject.org/archives/list/[email protected]/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/
www.drupal.org/sa-core-2022-003