Skip to content

Commit fd6b0d5

Browse files
feat: update advisories (#165)
🤖 beep boop - looks like there's some changes to the advisories! Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
1 parent b705a21 commit fd6b0d5

1 file changed

Lines changed: 66 additions & 0 deletions

File tree

Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
{
2+
"schema_version": "1.7.0",
3+
"id": "DRUPAL-CONTRIB-2025-125",
4+
"modified": "2025-12-10T19:09:57.000Z",
5+
"published": "2025-12-10T17:53:01.000Z",
6+
"aliases": [
7+
"CVE-2025-14472"
8+
],
9+
"details": "This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites.\n\nThe module doesn't sufficiently protect export routes from cross-site request forgery (CSRF) attacks, potentially allowing an attacker to trick an admin into exporting an unwanted entity.",
10+
"affected": [
11+
{
12+
"package": {
13+
"ecosystem": "Packagist:https://packages.drupal.org/8",
14+
"name": "drupal/acquia_contenthub"
15+
},
16+
"severity": [],
17+
"ranges": [
18+
{
19+
"type": "ECOSYSTEM",
20+
"events": [
21+
{
22+
"introduced": "0"
23+
},
24+
{
25+
"fixed": "3.6.4"
26+
}
27+
],
28+
"database_specific": {
29+
"constraint": "<3.6.4"
30+
}
31+
},
32+
{
33+
"type": "ECOSYSTEM",
34+
"events": [
35+
{
36+
"introduced": "3.7.0"
37+
},
38+
{
39+
"fixed": "3.7.3"
40+
}
41+
],
42+
"database_specific": {
43+
"constraint": ">=3.7.0 <3.7.3"
44+
}
45+
}
46+
],
47+
"database_specific": {
48+
"affected_versions": "<3.6.4 || >=3.7.0 <3.7.3"
49+
}
50+
}
51+
],
52+
"references": [
53+
{
54+
"type": "WEB",
55+
"url": "https://www.drupal.org/sa-contrib-2025-125"
56+
}
57+
],
58+
"credits": [
59+
{
60+
"name": "Lee Rowlands (larowlan)",
61+
"contact": [
62+
"https://www.drupal.org/u/larowlan"
63+
]
64+
}
65+
]
66+
}

0 commit comments

Comments
 (0)