logo

Database

Cross-site request forgery In drupal/symfony_mailer_lite

Description

The module doesn’t sufficiently protect against malicious links, which means an attacker can trick an administrator into performing unwanted actions.

This vulnerability is mitigated by the fact that the set of unwanted actions is limited to specific configurations.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-132502. NVD-2024-132503. OSV-DRUPAL-CONTRIB-2024-0144. OSV-2024-132505. GCVE-2024-132506. drupal.org

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.