Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038

Project: Open Social
Date: 2024-September-04
Security risk: Moderately critical 10∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Denial of Service
Affected versions: <12.3.8 || >=12.4.0 <12.4.5 || >=13.0.0 <13.0.0-alpha11

Description: Open Social is a Drupal distribution for online communities.
The distribution did not correctly validate the flood control limits on the password reset form, so an attacker could flood the password reset form, which could result in a Denial of Service. Fortunately, the message does not disclose any information to the attacker.

Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2024-038
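To check an installed Open Social version string against the affected ranges listed above, the following added example (not part of the advisory or the project's code) compares versions the way Composer does. The function names are hypothetical, and it assumes version strings of the form `x.y.z` with an optional `-dev`, `-alpha`, `-beta` or `-rc` suffix.

```python
import re

# Stability ranks, lowest first; a bare "x.y.z" is a stable release.
_RANK = {"dev": 0, "alpha": 1, "beta": 2, "rc": 3, "stable": 4}
_VERSION = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:-(dev|alpha|beta|rc)(\d*))?$", re.I
)


def parse(version, bare="stable"):
    """Return a sortable key; `bare` is the rank used when no suffix is present."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch, stability, number = m.groups()
    rank = _RANK[(stability or bare).lower()]
    return (int(major), int(minor), int(patch), rank, int(number or 0))


# Affected ranges from the advisory as (inclusive lower, exclusive upper).
# A bound written without a suffix sorts below every pre-release of that
# version (bare="dev"), which is how Composer reads ">=" and "<" bounds.
# This makes ">=13.0.0 <13.0.0-alpha11" cover 13.0.0 pre-releases up to alpha10.
AFFECTED = [
    (None, parse("12.3.8", bare="dev")),
    (parse("12.4.0", bare="dev"), parse("12.4.5", bare="dev")),
    (parse("13.0.0", bare="dev"), parse("13.0.0-alpha11")),
]


def is_affected(installed):
    """True if the installed version falls inside any affected range."""
    key = parse(installed)
    return any((lo is None or key >= lo) and key < hi for lo, hi in AFFECTED)


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real site.
    for v in ["12.3.7", "12.3.8", "12.4.4", "13.0.0-alpha10", "13.0.0-alpha11"]:
        print(f"{v:16} {'AFFECTED' if is_affected(v) else 'fixed'}")
```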