Date: 
2024-February-28
Vulnerability: 
Cross Site Request Forgery
Affected versions: 
<1.0.6
CVE IDs: 
CVE-2024-13250
Description: 

The module doesn’t sufficiently protect against malicious links, which means an attacker can trick an administrator into performing unwanted actions.

This vulnerability is mitigated by the fact that the set of unwanted actions is limited to specific configurations.

Solution: 

Upgrade to Symfony Mailer Lite 1.0.6 and rebuild Drupal's cache.

Reported By: 
Fixed By: 
Coordinated By: