DRUPAL-CONTRIB-2024-006

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/swiftmailer/DRUPAL-CONTRIB-2024-006.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-006

Aliases

CVE-2024-13242

Published

2024-01-24T15:54:55Z

Modified

2025-12-10T23:41:29.012859Z

Summary

[none]

Details

The Drupal Swift Mailer module extends the basic e-mail sending functionality provided by Drupal by delegating all e-mail handling to the Swift Mailer library. This enables your site to take advantage of the many features which the Swift Mailer library provides.

The module could allow an attacker to gain widespread access to a Drupal site. This vulnerability is mitigated by the fact that an attacker must have a means to trigger sending an email with a body that they can control, which would requires either another contributed module or custom integration.

References

https://www.drupal.org/sa-contrib-2024-006

Credits

- Adam Shepherd
- - https://www.drupal.org/user/2650563

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/swiftmailer

Package

Name: drupal/swiftmailer
Purl: pkg:composer/drupal/swiftmailer

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Database specific

{
    "constraint": "*"
}

Database specific

affected_versions

"*"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/swiftmailer/DRUPAL-CONTRIB-2024-006.json"