Blogroll: Drupal Contrib Security

I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 1 posts from the blog 'Drupal Contrib Security.'

Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!

Subscribe to Drupal Contrib Security feed
Updated: 1 hour 58 min ago

Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO ) - Moderately critical - SQL Injection - SA-CONTRIB-2020-034

Wed, 14/10/2020 - 15:38
Project: Drupal OAuth Server ( OAuth Provider) - Single Sign On ( SSO )Date: 2020-October-14Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: SQL InjectionDescription: 

This module enables you login into any OAuth 2.0 compliant application using Drupal credentials.

The 8.x branch of the module is vulnerable to SQL injection.

Solution: 

Install the latest version:

  • If you use the Drupal OAuth Server module for Drupal 8.x, upgrade to 8.x-1.1
Reported By: Fixed By: Coordinated By: 
Categories: Technology
Additional Terms