
it-securitynotifies - [IT-SecNots] [Security-news] Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070
  • Date: Wed, 4 Dec 2024 17:22:14 +0000 (UTC)
  • Authentication-results: lists.piratenpartei.de; dkim=pass header.d=drupal.org header.s=default header.b=NgPDTIEv; spf=pass (lists.piratenpartei.de: domain of security-news-bounces AT drupal.org designates 140.211.166.133 as permitted sender) smtp.mailfrom=security-news-bounces AT drupal.org; dmarc=pass (policy=none) header.from=drupal.org
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org D7BDE437E7
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 21AA440B24
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>

View online: https://www.drupal.org/sa-contrib-2024-070

Project: Minify JS [1]
Date: 2024-December-04
Security risk: *Moderately critical* 13 ∕ 25
AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All [2]
Vulnerability: Cross site request forgery

Affected versions: <3.0.3
Description: 
The Minify JS module allows a site administrator to minify all JavaScript
files that exist in the site's code base and use those minified files on the
front end of the website.

Several administrator routes are unprotected against Cross-Site Request
Forgery (CSRF) attacks.

Solution: 
Install the latest version:

* If you use the Minify JS module for Drupal 7.x, upgrade to Minify JS
7.x-1.11 [3]
* If you use the Minify JS module for Drupal 8.x, upgrade to Minify JS 3.0.3
[4]

Reported By: 
* Pierre Rudloff [5]

Fixed By: 
* Ivo Van Geertruyen [6] of the Drupal Security Team
* Scott Joudry [7]

Coordinated By: 
* Ivo Van Geertruyen [8] of the Drupal Security Team


[1] https://www.drupal.org/project/minifyjs
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/minifyjs/releases/7.x-1.11
[4] https://www.drupal.org/project/minifyjs/releases/3.0.3
[5] https://www.drupal.org/user/3611858
[6] https://www.drupal.org/user/383424
[7] https://www.drupal.org/user/1846786
[8] https://www.drupal.org/user/383424

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
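
For auditing your own or other contributed modules for the same class of issue, the following added example (not part of the advisory and not code from the Minify JS project) lists controller-backed `/admin` routes in a Drupal 8+ `*.routing.yml` file that lack the `_csrf_token: 'TRUE'` route requirement. The module name, route names and paths in the sample are hypothetical, and the advisory does not state how the affected routes were fixed.

```python
import re

# Constructed sample of a Drupal 8+ *.routing.yml file. Module name, route
# names and paths are hypothetical and not taken from Minify JS.
SAMPLE_ROUTING = """\
example_module.rebuild:
  path: '/admin/config/example/files/{file}/rebuild'
  defaults:
    _controller: '\\Drupal\\example_module\\Controller\\Files::rebuild'
  requirements:
    _permission: 'administer example'
example_module.remove:
  path: '/admin/config/example/files/{file}/remove'
  defaults:
    _controller: '\\Drupal\\example_module\\Controller\\Files::remove'
  requirements:
    _permission: 'administer example'
    _csrf_token: 'TRUE'
example_module.settings:
  path: '/admin/config/example/settings'
  defaults:
    _form: '\\Drupal\\example_module\\Form\\SettingsForm'
  requirements:
    _permission: 'administer example'
"""
ROUTE_RE = re.compile(r"^([A-Za-z0-9_.]+):\s*$")  # unindented key = route name
KEY_RE = re.compile(r"^\s+(path|_controller|_form|_csrf_token):\s*(.+?)\s*$")

def routes_needing_review(routing_yaml):
    """Return (route, path) for controller-backed /admin routes without _csrf_token."""
    # Heuristic: _form routes are skipped (the Form API adds its own token);
    # read-only controller pages are listed too and can be dismissed on review.
    routes, current = {}, None
    for line in routing_yaml.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            current = routes.setdefault(m.group(1), {})
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip("'\"")
    return [
        (name, r["path"]) for name, r in routes.items()
        if r.get("path", "").startswith("/admin")
        and "_controller" in r
        and r.get("_csrf_token", "").upper() != "TRUE"
    ]

if __name__ == "__main__":
    for name, path in routes_needing_review(SAMPLE_ROUTING):
        print(f"review: {name} ({path})")
```

The scan is line-based and only reads the keys it needs, so it is a triage aid for manual review rather than a full YAML parser.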

