Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012

Project: Google TagDate: 2025-January-29Security risk: Moderately critical 12 ∕ 25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Request ForgeryAffected versions: <1.8.0 || >=2.0.0 <2.0.8Description: This module enables you to integrate the site with the Google Tag Manager (GTM) application.
The module doesn't sufficiently validate the enabling or disabling of a tag container. The routes involved are not protected against Cross Site Request Forgery (CSRF).
This vulnerability is mitigated by the fact that an attacker needs to know the machine name of the container. The machine name is a random string, making an attack more difficult.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2025-012