Project: 
Date: 2024-January-10
Vulnerability: Cross Site Scripting
Affected versions: <1.3.0
CVE IDs: CVE-2024-13238
Description: 

The Typogrify module brings the typographic refinements of Typogrify to Drupal. It provides a text filter and a Twig filter.

The typogrify Twig filter can be used to bypass the Twig auto-escape feature, leading to a persistent Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that it is only exposed when the Twig filter is specifically used in a template to render content.

Solution: 

Install the latest version:

If you use the typogrify Twig filter provided by this module, then this update may cause double-encoding of text. See the updated README for best practices.
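
An added example, not code from the Typogrify module or its README, showing how a Twig filter can sidestep auto-escape and why closing that gap can double-encode text. It assumes the mechanism is Twig's `is_safe` filter option (the advisory does not say so) and a Composer-installed `twig/twig`; `demo_caps`, the filter names and the template names are hypothetical.

```php
<?php
// Added illustration, not the Typogrify module's code. Requires twig/twig via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;
use Twig\TwigFilter;

// Hypothetical stand-in for a typographic filter: wraps runs of capitals in a span.
// Like any filter that emits markup, it passes the rest of its input through untouched.
function demo_caps(string $text): string
{
    return preg_replace('/\b[A-Z]{2,}\b/', '<span class="caps">$0</span>', $text);
}

$twig = new Environment(new ArrayLoader([
    'trusted' => '{{ body|caps_trusted }}',
    'plain'   => '{{ body|caps_plain }}',
    'pre'     => '{{ body|caps_pre }}',
]), ['autoescape' => 'html']);

// 1. Output declared HTML-safe: auto-escape skips it, so raw input reaches the page.
$twig->addFilter(new TwigFilter('caps_trusted', 'demo_caps', ['is_safe' => ['html']]));
// 2. No safety claim: auto-escape encodes the result, including the filter's own markup.
$twig->addFilter(new TwigFilter('caps_plain', 'demo_caps'));
// 3. Input escaped first, output then trusted: the filter's markup survives, the input's does not.
$twig->addFilter(new TwigFilter('caps_pre', 'demo_caps', [
    'pre_escape' => 'html',
    'is_safe'    => ['html'],
]));

// Constructed sample inputs: a stored comment carrying markup, and text that
// was already entity-encoded before it reached the template.
$samples = [
    'stored comment'  => 'NASA <script>alert(1)</script>',
    'already encoded' => 'AT&amp;T',
];

foreach ($samples as $label => $body) {
    echo "== $label ==\n";
    foreach (['trusted', 'plain', 'pre'] as $tpl) {
        printf("%-8s %s\n", $tpl, $twig->render($tpl, ['body' => $body]));
    }
}
```

In the `trusted` template the stored `<script>` element is emitted verbatim, while `plain` and `pre` encode it; for the already-encoded input, both of those render `&amp;amp;`, which is the double-encoding the Solution text warns about.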

Reported By: 
Fixed By: 
Coordinated By: