DRUPAL-CONTRIB-2024-070

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/minifyjs/DRUPAL-CONTRIB-2024-070.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2024-070
Aliases
  • CVE-2024-13304
Published
2024-12-04T15:51:12Z
Modified
2025-12-10T23:41:31.248365Z
Summary
[none]
Details

The Minify JS module allows a site administrator to minify all javascript files that exist in the site's code base and use those minified files on the front end of the website.

Several administrator routes are unprotected against Cross-Site Request Forgery (CRSF) attacks.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/minifyjs

Package

Name
drupal/minifyjs
Purl
pkg:composer/drupal/minifyjs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.3
Database specific 
{
    "constraint": "<3.0.3"
}

Database specific

affected_versions 
"<3.0.3"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/minifyjs/DRUPAL-CONTRIB-2024-070.json"