Open Social - Moderately critical - SQL Injection - SA-CONTRIB-2021-010

Project: Open SocialDate: 2021-June-02Security risk: Moderately critical 11∕25 AC:Complex/A:User/CI:All/II:None/E:Theoretical/TD:DefaultVulnerability: SQL InjectionDescription: This Open Social distribution provides a turn-key system for building customized social networks.
The module doesn't sufficiently process data in certain circumstances.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access mentions".Solution: Install the latest version:

  • If you use Open Social 9.x, upgrade to 8.x-9.17
  • If you use Open Social 10.0.x, upgrade to 10.0.13
  • If you use Open Social 10.1.x, upgrade to 10.1.6

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2021-010