DRUPAL-CONTRIB-2025-019

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/cache_utility/DRUPAL-CONTRIB-2025-019.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-019

Aliases

CVE-2025-31690
GHSA-ccc9-jgj7-hxc7

Published

2025-02-26T18:35:11Z

Modified

2025-12-10T23:41:12.463277Z

Summary

[none]

Details

The Cache Utility module provides an ability to view status and flush various caches.

The module doesn't sufficiently protect against Cross Site Request Forgery (CSRF) attacks by validating user identity and intent when flushing a cache.

References

https://www.drupal.org/sa-contrib-2025-019

Credits

- Pierre Rudloff (prudloff)
- - https://www.drupal.org/u/prudloff

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/cache_utility

Package

Name: drupal/cache_utility
Purl: pkg:composer/drupal/cache_utility

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.2.1

Database specific

{
    "constraint": "<1.2.1"
}

Database specific

affected_versions

"<1.2.1"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/cache_utility/DRUPAL-CONTRIB-2025-019.json"