Flag clear - Moderately Critical - CSRF - DRUPAL-SA-CONTRIB-2017-074

* Advisory ID: DRUPAL-SA-CONTRIB-2017-074
* Project: Flag clear
* Version: 7.x
* Date: 2017-September-13
* Security risk: 14/25 (Moderately Critical)
* Vulnerability: Cross Site Request Forgery

DESCRIPTION

The Flag clear module allows administrators to remove user flags for content.
This functionality is often useful in user-submission use-cases, where users
do not necessarily need to unflag things on their own.

The module doesn't sufficiently confirm a user's intent to take unflagging
actions.

VERSIONS AFFECTED

* All Flag clear module versions prior to 7.x-1.10.

Drupal core is not affected. If you do not use the contributed Flag clear module, there is nothing you need to do.
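
To check an installed copy against the affected range above, the following sketch (an added example, not part of the original advisory or the module) reads the version from the module's .info file and compares it with 7.x-1.10. It assumes the copy was installed from a Drupal.org package, which writes a `version` line into the .info file; the sample file contents and function names are constructed for illustration.

```python
import re

FIXED = (1, 10)  # 7.x-1.10, the fixed release named in the advisory

# Constructed sample of a packaged flag_clear.info file (not copied from the module).
SAMPLE_INFO = '''name = Flag clear
core = 7.x
; Information added by Drupal.org packaging script
version = "7.x-1.9"
project = "flag_clear"
'''

VERSION_LINE = re.compile(r'^[ \t]*version[ \t]*=[ \t]*"?([^"\n]+?)"?[ \t]*$', re.M)
STABLE = re.compile(r'^7\.x-(\d+)\.(\d+)$')


def info_version(info_text):
    """Return the version string from .info text, or None if absent."""
    match = VERSION_LINE.search(info_text)
    return match.group(1) if match else None


def status(version):
    """Classify a version string as 'affected', 'fixed' or 'review'."""
    if version is None:
        return "review"      # e.g. a git checkout with no packaging metadata
    match = STABLE.match(version)
    if not match:
        return "review"      # dev snapshots and pre-releases need a manual look
    # Compare as integers: as strings, "7.x-1.9" sorts after "7.x-1.10".
    release = (int(match.group(1)), int(match.group(2)))
    return "affected" if release < FIXED else "fixed"


if __name__ == "__main__":
    found = info_version(SAMPLE_INFO)
    print(found, "->", status(found))
```

A result of "review" means the version could not be read as a stable release and the copy should be checked by hand.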

SOLUTION

Install the latest version:

* If you use the Flag clear module for Drupal 7.x, upgrade to Flag clear
7.x-1.10

Also see the Flag clear project page: https://www.drupal.org/project/flag_clear
