First published: Wed Jun 17 2020(Updated: )
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Credit: mlhess@drupal.org mlhess@drupal.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/drupal/core | >=7.0.0<7.72>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.8>=8.9.0<8.9.1>=9.0.0<9.0.1 | |
composer/drupal/drupal | >=7.0.0<7.72>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.8.8>=8.9.0<8.9.1>=9.0.0<9.0.1 | |
Drupal Drupal | >=7.0<7.72 | |
Drupal Drupal | >=8.8.0<8.8.8 | |
Drupal Drupal | >=8.9.0<8.9.1 | |
Drupal Drupal | >=9.0.0<9.0.1 | |
composer/drupal/drupal | >=9.0.0<9.0.1 | 9.0.1 |
composer/drupal/drupal | >=8.9.0<8.9.1 | 8.9.1 |
composer/drupal/drupal | >=8.0.0<8.8.8 | 8.8.8 |
composer/drupal/drupal | >=7.0.0<7.72 | 7.72 |
composer/drupal/core | >=8.0.0<8.8.8 | 8.8.8 |
composer/drupal/core | >=7.0.0<7.72 | 7.72 |
composer/drupal/core | >=9.0.0<9.0.1 | 9.0.1 |
composer/drupal/core | >=8.9.0<8.9.1 | 8.9.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.