DRUPAL-CONTRIB-2025-018

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/gdpr/DRUPAL-CONTRIB-2025-018.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-018
Aliases
Published
2025-02-26T18:34:59Z
Modified
2025-12-10T23:41:03.627759Z
Summary
[none]
Details

The GDPR Task submodule enables you to create GDPR tasks.

The module doesn't sufficiently protect against Cross Site Request Forgery (CSRF) attacks by validating user identity and intent when creating tasks.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/gdpr

Package

Name
drupal/gdpr
Purl
pkg:composer/drupal/gdpr

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.1
Database specific 
{
    "constraint": "<3.0.1"
}
Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.2
Database specific 
{
    "constraint": ">=3.1.0 <3.1.2"
}

Database specific

affected_versions 
"<3.0.1 || >=3.1.0 <3.1.2"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/gdpr/DRUPAL-CONTRIB-2025-018.json"