Swift Mailer - Moderately critical - Access bypass - SA-CONTRIB-2024-006

Project: Swift MailerDate: 2024-January-24Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: The Drupal Swift Mailer module extends the basic e-mail sending functionality provided by Drupal by delegating all e-mail handling to the Swift Mailer library. This enables your site to take advantage of the many features which the Swift Mailer library provides.
The module could allow an attacker to gain widespread access to a Drupal site. This vulnerability is mitigated by the fact that an attacker must have a means to trigger sending an email with a body that they can control, which would requires either another contributed module or custom integration.Solution: Uninstall this module immediately. The swiftmailer library has been unsupported for a year, and this module is now also unsupported.
Changing to a replacement module is suggested, the following were specifically suggested by the module maintainers:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2024-006