Typogrify - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-002

Project: Typogrify
Date: 2024-January-10
Security risk: Moderately critical 12∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Cross Site Scripting
Affected versions: <1.3.0
Description: The Typogrify module brings the typographic refinements of Typogrify to Drupal. It provides a text filter and a Twig filter.
The typogrify Twig filter can be used to bypass the Twig auto-escape feature, leading to a persistent Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that it is only exposed when the Twig filter is specifically used in a template to render content.
Solution: Install the latest version:

If you use the typogrify Twig filter provided by this module, then this update may cause double-encoding of text. See the updated README for best practices.
Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2024-002
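
Added example (not part of the advisory and not the Typogrify module's code): a minimal Twig setup in PHP showing how a filter flagged is_safe for HTML lets markup pass through auto-escape, and how the same filter without the flag double-encodes text that was already escaped. The filter names, the demo_typo function and the sample comment are hypothetical, and that the module's filter relied on this flag is an assumption.

```php
<?php
// Added illustration; not code from the Typogrify module.
// Assumes twig/twig is installed via Composer (composer require twig/twig).
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;
use Twig\TwigFilter;

// Hypothetical stand-in for a typographic transform: curls straight double
// quotes and leaves every other character, including markup, untouched.
function demo_typo(string $text): string {
    return preg_replace('/"([^"]*)"/', '“$1”', $text) ?? $text;
}

$templates = [
    // Line 1: filter declared safe for HTML, so auto-escape skips its output.
    // Line 2: same filter without the flag, so auto-escape encodes its output.
    // Line 3: text escaped first, then filtered without the flag; the result
    //         is escaped a second time (the double-encoding the update warns of).
    'page' => implode("\n", [
        'marked safe:    {{ comment|typo_marked_safe }}',
        'unmarked:       {{ comment|typo_unmarked }}',
        'escaped twice:  {{ comment|e|typo_unmarked }}',
    ]) . "\n",
];

$twig = new Environment(new ArrayLoader($templates), ['autoescape' => 'html']);

// Weak registration: is_safe tells Twig the return value needs no escaping,
// even though the function never encodes user-supplied markup itself.
$twig->addFilter(new TwigFilter('typo_marked_safe', 'demo_typo', ['is_safe' => ['html']]));

// Corrected registration: no is_safe flag, so the output is treated as
// untrusted text and encoded by auto-escape like any other variable.
$twig->addFilter(new TwigFilter('typo_unmarked', 'demo_typo'));

// Constructed sample of user-supplied content stored by the site.
$comment = '<script>alert(1)</script> said "hi"';

echo $twig->render('page', ['comment' => $comment]);
```

When reviewing templates after the update, a value that is piped through an escaping filter before the typogrify filter is the pattern to look for, since it corresponds to the third line above.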