Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2021-June-02
Vulnerability:
SQL Injection
Affected versions:
<9.17.0 || >=10.0.0 <10.0.13 || >=10.1.0 <10.1.6
Description:
This Open Social distribution provides a turn-key system for building customized social networks.
The module doesn't sufficiently process data in certain circumstances.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access mentions".
Solution:
Reported By:
Fixed By:
- mindaugasd
- Alexander Varwijk
- Drew Webber of the Drupal Security Team
- Ronald te Brake
- Neil Drumm of the Drupal Security Team
Coordinated By:
- Greg Knaddison of the Drupal Security Team
