View online: https://www.drupal.org/sa-contrib-2024-053
Project: Smartling Connector [1] Date: 2024-October-23 Security risk: *Less critical* 9 ∕ 25 AC:Complex/A:Admin/CI:Some/II:None/E:Theoretical/TD:All [2] Vulnerability: Multiple vulnerabilities
Description: Smartling module allows you to translate content in Drupal 7 using the Smartling Translation Management Platform.
The module includes an outdated version of the Guzzle package (guzzlehttp/guzzle 6.3.3), which has known security vulnerabilities [3].
Solution: Install the latest version:
* If you use Smartling module for Drupal 7.x-4.x, upgrade to smartling 7.x-4.19 [4] * If you use Smartling module for Drupal 7.x-3.x, upgrade to smartling 7.x-3.8 [5]
Reported By: * Pierre Rudloff [6]
Fixed By: * Pavel Loparev [7]
Coordinated By: * Juraj Nemec [8] of the Drupal Security Team
[1] https://www.drupal.org/project/smartling [2] https://www.drupal.org/security-team/risk-levels [3] https://packagist.org/packages/guzzlehttp/guzzle/advisories?version=2122956 [4] https://www.drupal.org/project/smartling/releases/7.x-4.19 [5] https://www.drupal.org/project/smartling/releases/7.x-3.8 [6] https://www.drupal.org/user/3611858 [7] https://www.drupal.org/user/3158841 [8] https://www.drupal.org/u/poker10