Drupal core - Moderately critical - Improper input validation - SA-CORE-2022-003

Read Time:1 Minute, 3 Second

Project:

Drupal core

Date:

2022-February-16

Security risk:

Moderately critical 14∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon

Vulnerability:

Improper input validation

CVE IDs:

CVE-2022-25271

Description:

Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

This advisory is not covered by Drupal Steward.

Solution:

Install the latest version:

If you are using Drupal 9.3, update to Drupal 9.3.6.
If you are using Drupal 9.2, update to Drupal 9.2.13.
If you are using Drupal 7, update to Drupal 7.88.

All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Reported By:

Fabian Iwand

Fixed By:

xjm of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
Ben Dougherty of the Drupal Security Team
Drew Webber of the Drupal Security Team
Jen Lampton
Nate Lampton
Fabian Franz
Alex Bronstein of the Drupal Security Team

chromium-117.0.5938.132-2.fc39

FEDORA-2023-c890266d3f Packages in this update: chromium-117.0.5938.132-2.fc39 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....

September 30, 2023

chromium-117.0.5938.132-2.fc38

FEDORA-2023-d66a01ad4f Packages in this update: chromium-117.0.5938.132-2.fc38 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Read More

September 30, 2023

chromium-117.0.5938.132-1.el7

FEDORA-EPEL-2023-edc9c74369 Packages in this update: chromium-117.0.5938.132-1.el7 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....

September 30, 2023

chromium-117.0.5938.132-1.el8

FEDORA-EPEL-2023-8f3e1b6f78 Packages in this update: chromium-117.0.5938.132-1.el8 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....

September 30, 2023

chromium-117.0.5938.132-1.fc37

FEDORA-2023-0cd03c3746 Packages in this update: chromium-117.0.5938.132-1.fc37 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Read More

September 30, 2023

chromium-117.0.5938.132-1.el9

FEDORA-EPEL-2023-cca1f87440 Packages in this update: chromium-117.0.5938.132-1.el9 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....

September 30, 2023

Cyber Security News

Friday Squid Blogging: Protecting Cephalopods in Medical Research

Russian Company Offers $20M For Non-NATO Mobile Exploits

Microsoft’s Bing AI Faces Malware Threat From Deceptive Ads

Phishing, Smishing Surge Targets US Postal Service

Three men found guilty of laundering $2.5 million in Target gift card tech support scam

ZeroFont trick makes users think that message has been scanned for threats

Building edge computing for manufacturing – the video

Privacy Regulator Orders End to Spreadsheet FOI Responses

Microsoft Breach Exposed 60,000 State Department Emails

Drupal core – Moderately critical – Improper input validation – SA-CORE-2022-003

chromium-117.0.5938.132-2.fc39

chromium-117.0.5938.132-2.fc38

chromium-117.0.5938.132-1.el7

chromium-117.0.5938.132-1.el8

chromium-117.0.5938.132-1.fc37

chromium-117.0.5938.132-1.el9