[Security-news] Anti Spam by CleanTalk - Moderately critical - SQL Injection - SA-CONTRIB-2022-032
security-news at drupal.org
security-news at drupal.org
Wed Mar 30 19:42:47 UTC 2022
View online: https://www.drupal.org/sa-contrib-2022-032
Project: Anti Spam by CleanTalk [1]
Date: 2022-March-30
Security risk: *Moderately critical* 14∕25
AC:Basic/A:None/CI:None/II:All/E:Theoretical/TD:Default [2]
Vulnerability: SQL Injection
Description:
This module provides integration with the CleanTalk spam protection service.
The module does not properly filter data in certain circumstances.
Solution:
Install the latest version:
* If you use the Anti Spam by CleanTalk module for Drupal 8.x, upgrade to
Anti Spam by CleanTalk 8.x-4.13 [3]
* If you use the Anti Spam by CleanTalk module for Drupal 9.x, upgrade to
Anti Spam by CleanTalk 9.1.19 [4]
Reported By:
* Glomberg [5]
* Heine [6] of the Drupal Security Team
Fixed By:
* Glomberg [7]
Coordinated By:
* Chris McCaffrey [8] of the Drupal Security Team
* Greg Knaddison [9] of the Drupal Security Team
[1] https://www.drupal.org/project/cleantalk
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/cleantalk/releases/8.x-4.13
[4] https://www.drupal.org/project/cleantalk/releases/9.1.19
[5] https://www.drupal.org/user/3624869
[6] https://www.drupal.org/user/17943
[7] https://www.drupal.org/user/3624869
[8] https://www.drupal.org/user/1850070
[9] https://www.drupal.org/user/36762
More information about the Security-news
mailing list