Description
The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not
properly validate the form token, which allows remote attackers to conduct
CSRF attacks that upload files in a different user's account via vectors
related to "file upload value callbacks."
Package
| Upstream: | released
(6.37)
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
| Ubuntu 20.04 FIPS Compliant (Focal Fossa): | DNE
|
Patches:
Package
| Upstream: | released
(7.39-1)
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was needed)
|
| Ubuntu 20.04 FIPS Compliant (Focal Fossa): | DNE
|
Patches:
Updated: 2022-02-11 01:01:19 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)