Blogroll: Drupal Contrib Security
I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There is currently 1 post from the blog 'Drupal Contrib Security.'
Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!
Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) - Moderately critical - SQL Injection - SA-CONTRIB-2020-034
This module enables you to log in to any OAuth 2.0 compliant application using Drupal credentials.
The 8.x branch of the module is vulnerable to SQL injection.
Solution:
Install the latest version:
- If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to 8.x-1.1
- Michael Hess of the Drupal Security Team