833519 – (CVE-2022-25271) <www-apps/drupal-7.89: improper input validation

Bug 833519 (CVE-2022-25271) - <www-apps/drupal-7.89: improper input validation

Summary: <www-apps/drupal-7.89: improper input validation

Status:	RESOLVED FIXED

Alias:	CVE-2022-25271

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://www.drupal.org/sa-core-2022-003
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2022-02-17 09:45 UTC by Tupone Alfredo
Modified:	2022-05-04 15:32 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tupone Alfredo gentoo-dev

2022-02-17 09:45:40 UTC

Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003

Reproducible: Always

Comment 1 John Helmert III archtester

2022-02-17 21:08:24 UTC

"Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data."

Thanks for reporting! Please bump to 7.88 and 9.2.13.

Comment 2 Tupone Alfredo gentoo-dev

2022-05-04 09:40:04 UTC

commit 7ddc64889b1bc2a991391d2a53f627d8c6bb2303
Author: Alfredo Tupone <tupone@gentoo.org>
Date:   Tue May 3 09:28:20 2022 +0200

    www-apps/drupal: bump version

Comment 3 John Helmert III archtester

2022-05-04 15:32:40 UTC

Looks like we never had an affected version for 9.2.x. All done, thanks!