CVE-2025-48921
EPSS 0.09%; Published: 2025/6/25; Modified: 2026/3/18
Also known as: DRUPAL-CONTRIB-2025-079
Description
Open Social is a Drupal distribution for online communities, which ships with a default module that allows users to enroll in events. The module doesn't sufficiently protect certain routes from Cross Site Request Forgery (CSRF) attacks. Users can be tricked into accepting or rejecting these enrollments. This issue only affects sites that have event enrollments enabled for an event.
Affected packages (1)
- Packagist/drupal/social: from 0, < 12.3.14 | >= 12.4.0, < 12.4.13