The module doesn’t sufficiently protect against malicious links, which means an attacker can trick an administrator into performing unwanted actions.
This vulnerability is mitigated by the fact that the set of unwanted actions is limited to specific configurations.
Upgrade to Symfony Mailer Lite 1.0.6 and rebuild Drupal's cache.
- Lee Rowlands of the Drupal Security Team
- Wayne Eaker
- Greg Knaddison of the Drupal Security Team
- Juraj Nemec of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team