View online: https://www.drupal.org/sa-contrib-2024-053 Project: Smartling Connector [1] Date: 2024-October-23 Security risk: *Less critical* 9 ∕ 25 AC:Complex/A:Admin/CI:Some/II:None/E:Theoretical/TD:All [2] Vulnerability: Multiple vulnerabilities Description: Smartling module allows you to translate content in Drupal 7 using the Smartling Translation Management Platform. The module includes an outdated version of the Guzzle package (guzzlehttp/guzzle 6.3.3), which has known security vulnerabilities [3]. Solution: Install the latest version: * If you use Smartling module for Drupal 7.x-4.x, upgrade to smartling 7.x-4.19 [4] * If you use Smartling module for Drupal 7.x-3.x, upgrade to smartling 7.x-3.8 [5] Reported By: * Pierre Rudloff [6] Fixed By: * Pavel Loparev [7] Coordinated By: * Juraj Nemec [8] of the Drupal Security Team [1] https://www.drupal.org/project/smartling [2] https://www.drupal.org/security-team/risk-levels [3] https://packagist.org/packages/guzzlehttp/guzzle/advisories?version=2122956 [4] https://www.drupal.org/project/smartling/releases/7.x-4.19 [5] https://www.drupal.org/project/smartling/releases/7.x-3.8 [6] https://www.drupal.org/user/3611858 [7] https://www.drupal.org/user/3158841 [8] https://www.drupal.org/u/poker10