[IT-SecNots] [Security-news] ComScore direct tag - Critical - Unsupported - SA-CONTRIB-2017-095

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2017-095

Project: ComScore direct tag [1]
Date: 2017-December-20
Security risk: *Critical* 18∕25
AC:None/A:None/CI:Some/II:Some/E:Proof/TD:Default [2]
Vulnerability: Unsupported

Description: 
A simple module to add in the JS for the comScore Direct tag to your Drupal
site.

The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. The
security team takes action in cases like this without regard to the severity
of the security issue in question. If you would like to maintain this module,
please read: https://www.drupal.org/node/251466 [3]

All projects that are being marked unsupported are given a score of critical.
Code that is no longer maintained poses a threat to securing sites.

Solution: 
If you use the ComScore Direct tag module for Drupal you should uninstall it.

Reported By: 
Balazs Janos Tatar  [4]

Fixed By: 
N/A


[1] https://www.drupal.org/project/comscore_direct
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/node/251466
[4] https://www.drupal.org/u/tatarbj

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news