Headline
GHSA-g36h-4jr6-qmm9: Improper input validation in Drupal core
Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
Drupal 7 is not affected.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2022-25273
Improper input validation in Drupal core
Moderate severity GitHub Reviewed Published Apr 26, 2023 to the GitHub Advisory Database • Updated Apr 26, 2023
Package
Affected versions
>= 8.0.0, < 9.2.18
>= 9.3.0, < 9.3.12
Patched versions
9.2.18
9.3.12
Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
Drupal 7 is not affected.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-25273
- https://www.drupal.org/sa-core-2022-008
Published to the GitHub Advisory Database
Apr 26, 2023
Last updated
Apr 26, 2023
Related news
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.