DRUPAL-CONTRIB-2024-038

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2024-038.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-038
Aliases
Withdrawn
2026-03-18T18:00:07.522661Z
Published
2024-09-04T16:20:17Z
Modified
2026-03-18T18:00:07.522661Z
Summary
[none]
Details

Open Social is a Drupal distribution for online communities.

The distribution didn't validate the flood control limits on the password reset form correctly resulting in a potential attacker flooding the password reset which could result in a Denial of Service. Fortunately the message does not disclose any information to the attacker.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/social

Package

Name
drupal/social
Purl
pkg:composer/drupal/social

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.3.8
Database specific 
{
    "constraint": "<12.3.8"
}
Type
ECOSYSTEM
Events
Introduced
12.4.0
Fixed
12.4.5
Database specific 
{
    "constraint": ">=12.4.0 <12.4.5"
}
Type
ECOSYSTEM
Events
Introduced
13.0.0-alpha1
Fixed
13.0.0-alpha11
Database specific 
{
    "constraint": ">=13.0.0-alpha1 <13.0.0-alpha11"
}

Database specific

affected_versions 
"<12.3.8 || >=12.4.0 <12.4.5 || >=13.0.0-alpha1 <13.0.0-alpha11"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2024-038.json"
patched 
true