PT-2024-10345 · Drupal · Drupal Image Sizes

Dezså Biczã³

Published

2024-05-29

Updated

2025-01-10

CVE-2024-13259

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Drupal Image Sizes versions 0.0.0 through 3.0.1

Description The issue is related to the insertion of sensitive information into sent data, which allows for forceful browsing. This can be exploited by a remote attacker to bypass security restrictions.

Recommendations For versions 0.0.0 through 3.0.1, update to version 3.0.2 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-201

Related Identifiers

BDU:2025-00840

CVE-2024-13259

DRUPAL-CONTRIB-2024-023

Affected Products

Drupal Image Sizes

PT-2024-10345 · Drupal · Drupal Image Sizes

CVE-2024-13259

Weakness Enumeration

Related Identifiers

Affected Products

References · 6