I didn't find any cve about it, but there's a SA on drupal site: http://drupal.org/node/244637 Reproducible: Always
Seems to be CVE-2008-1729 / #217223: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1729
(In reply to comment #1) > Seems to be CVE-2008-1729 / #217223: > > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1729 > Indeed. *** This bug has been marked as a duplicate of bug 217223 ***