Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014

Project: Drupal Symfony Mailer LiteDate: 2024-February-28Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site Request ForgeryAffected versions: <1.0.6Description: The module doesn’t sufficiently protect against malicious links, which means an attacker can trick an administrator into performing unwanted actions.
This vulnerability is mitigated by the fact that the set of unwanted actions is limited to specific configurations.Solution: Upgrade to Symfony Mailer Lite 1.0.6 and rebuild Drupal's cache.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2024-014