Skip to content

Drupal core Denial of Service vulnerability

Moderate severity GitHub Reviewed Published Feb 12, 2024 to the GitHub Advisory Database • Updated Feb 12, 2024

Package

composer drupal/core (Composer)

Affected versions

>= 8.0.0, < 10.1.8
>= 10.2.0, < 10.2.2

Patched versions

10.1.8
10.2.2

Description

The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.

References

Published to the GitHub Advisory Database Feb 12, 2024
Reviewed Feb 12, 2024
Last updated Feb 12, 2024

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-6ccv-8fgf-cjpw

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.