DRUPAL-CONTRIB-2025-030

See a problem?

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/webt/DRUPAL-CONTRIB-2025-030.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-030

Aliases

CVE-2025-3475

Published

2025-04-09T17:04:09Z

Modified

2025-12-10T23:41:29.475835Z

Summary

[none]

Details

This module enables you to translate nodes, configuration, UI strings automatically.

The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of entities with arbitrary content and create load on the system leading to a Denial of Service.

References

https://www.drupal.org/sa-contrib-2025-030

Credits

- Jan Kellermann (jan kellermann)
- - https://www.drupal.org/u/jan-kellermann

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/webt

Package

Name: drupal/webt
Purl: pkg:composer/drupal/webt

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.1.0

Database specific

{
    "constraint": "<1.1.0"
}

Database specific

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/webt/DRUPAL-CONTRIB-2025-030.json"

affected_versions

"<1.1.0"