[Security-news] ComScore direct tag - Critical - Unsupported - SA-CONTRIB-2017-095
security-news at drupal.org
security-news at drupal.org
Wed Dec 20 19:19:41 UTC 2017
View online: https://www.drupal.org/sa-contrib-2017-095
Project: ComScore direct tag [1]
Date: 2017-December-20
Security risk: *Critical* 18∕25
AC:None/A:None/CI:Some/II:Some/E:Proof/TD:Default [2]
Vulnerability: Unsupported
Description:
A simple module to add in the JS for the comScore Direct tag to your Drupal
site.
The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. The
security team takes action in cases like this without regard to the severity
of the security issue in question. If you would like to maintain this module,
please read: https://www.drupal.org/node/251466 [3]
All projects that are being marked unsupported are given a score of critical.
Code that is no longer maintained poses a threat to securing sites.
Solution:
If you use the ComScore Direct tag module for Drupal you should uninstall it.
Reported By:
Balazs Janos Tatar [4]
Fixed By:
N/A
[1] https://www.drupal.org/project/comscore_direct
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/node/251466
[4] https://www.drupal.org/u/tatarbj
More information about the Security-news
mailing list