[IT-SecNots] [Security-news] Directory based organisational layer - Critical - Unsupported - SA-CONTRIB-2017-096

[security-news AT drupal.org]

View online: https://www.drupal.org/sa-contrib-2017-096

Project: Directory based organisational layer [1]
Date: 2017-December-20
Security risk: *Critical* 18∕25
AC:None/A:None/CI:Some/II:Some/E:Proof/TD:Default [2]
Vulnerability: Unsupported

Description: 
This module adds a new organizational layer to Drupal, making it easy for
managing large numbers of files and nodes.

The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. The
security team takes action in cases like this without regard to the severity
of the security issue in question. If you would like to maintain this module,
please read: https://www.drupal.org/node/251466 [3]

All projects that are being marked unsupported are given a score of critical.
Code that is no longer maintained poses a threat to securing sites.

Solution: 
If you use the Directory based organisational layer tag module for Drupal you
should uninstall it.

Reported By: 
Jean-Francois Hovinne [4]

Fixed By: 
N/A


[1] https://www.drupal.org/project/odir
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/node/251466
[4] https://www.drupal.org/u/jfhovinne

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news