diff --git a/advisories/acquia_contenthub/DRUPAL-CONTRIB-2025-125.json b/advisories/acquia_contenthub/DRUPAL-CONTRIB-2025-125.json new file mode 100644 index 00000000..544bd8bc --- /dev/null +++ b/advisories/acquia_contenthub/DRUPAL-CONTRIB-2025-125.json @@ -0,0 +1,66 @@ +{ + "schema_version": "1.7.0", + "id": "DRUPAL-CONTRIB-2025-125", + "modified": "2025-12-10T19:09:57.000Z", + "published": "2025-12-10T17:53:01.000Z", + "aliases": [ + "CVE-2025-14472" + ], + "details": "This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites.\n\nThe module doesn't sufficiently protect export routes from cross-site request forgery (CSRF) attacks, potentially allowing an attacker to trick an admin into exporting an unwanted entity.", + "affected": [ + { + "package": { + "ecosystem": "Packagist:https://packages.drupal.org/8", + "name": "drupal/acquia_contenthub" + }, + "severity": [], + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.6.4" + } + ], + "database_specific": { + "constraint": "<3.6.4" + } + }, + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "3.7.0" + }, + { + "fixed": "3.7.3" + } + ], + "database_specific": { + "constraint": ">=3.7.0 <3.7.3" + } + } + ], + "database_specific": { + "affected_versions": "<3.6.4 || >=3.7.0 <3.7.3" + } + } + ], + "references": [ + { + "type": "WEB", + "url": "https://www.drupal.org/sa-contrib-2025-125" + } + ], + "credits": [ + { + "name": "Lee Rowlands (larowlan)", + "contact": [ + "https://www.drupal.org/u/larowlan" + ] + } + ] +}