Andrew Belcher

**Name of the Vulnerable Software and Affected Versions** Drupal CAPTCHA versions 0.0.0 through 1.16.9 Drupal CAPTCHA versions 2.0.0 through 2.0.9 **Description** A functionality bypass exists in Drupal CAPTCHA due to insufficient invalidation of security tokens. An attacker may bypass the CAPTCHA on subsequent submissions if they first successfully solve at least one CAPTCHA manually to obtain valid tokens. **Recommendations** Update Drupal CAPTCHA to version 1.17.0 or later. Update Drupal CAPTCHA to version 2.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal AI (Artificial Intelligence) versions 1.0.0 through 1.0.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform actions on a user's behalf without their consent. This is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.0.0 through 1.0.1, update to version 1.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal AI (Artificial Intelligence) versions 0.0.0 through 1.0.2 **Description** The issue is related to a Missing Authorization vulnerability, which allows Forceful Browsing in Drupal AI (Artificial Intelligence). **Recommendations** For versions 0.0.0 through 1.0.2, update to version 1.0.3 or later to resolve the issue.