Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 833519 (CVE-2022-25271)

Summary: <www-apps/drupal-7.89: improper input validation
Product: Gentoo Security Reporter: Tupone Alfredo <tupone>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.drupal.org/sa-core-2022-003
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Tupone Alfredo gentoo-dev 2022-02-17 09:45:40 UTC 
Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003

Reproducible: Always
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-17 21:08:24 UTC 
"Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data."

Thanks for reporting! Please bump to 7.88 and 9.2.13.
Comment 2 Tupone Alfredo gentoo-dev 2022-05-04 09:40:04 UTC 
commit 7ddc64889b1bc2a991391d2a53f627d8c6bb2303
Author: Alfredo Tupone <tupone@gentoo.org>
Date:   Tue May 3 09:28:20 2022 +0200

    www-apps/drupal: bump version
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-04 15:32:40 UTC 
Looks like we never had an affected version for 9.2.x. All done, thanks!