"We run a non-profit summer camp and hired Ricochet to design our camper and staff database from scratch. Their initial design was custom fit to suit our needs and as those needs have evolved the helpful staff at Ricochet have insured that timely changes keep our database up to date and running smoothly. Thanks for the fantastic service and personal attention, it's made a huge difference for our camp!"
—Chrissie Endler, Camp del Corazon

Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019

Wed, 2025-02-26 10:35 — Anonymous (not verified)

Project: Cache UtilityDate: 2025-February-26Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Request ForgeryAffected versions: <1.2.1 || >=1.3.0 <1.3.0Description: The Cache Utility module provides an ability to view status and flush various caches.
The module doesn't sufficiently protect against Cross Site Request Forgery (CSRF) attacks by validating user identity and intent when flushing a cache.Solution: Install the latest version:

If you use the Cache Utility module for Drupal 1.2.x, upgrade to Cache Utility 1.2.1
If you use the Cache Utility module for Drupal 1.x, you can also upgrade to Cache Utility 1.3.0

Reported By:

Pierre Rudloff (prudloff)

Fixed By:

cyoun

Coordinated By:

Greg Knaddison (greggles) of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2025-019

Search form

Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019