The security fix explicitly adds CSRF protection to the 'gdpr_tasks.request' route. In vulnerable versions, the associated controller method (TaskController::requestTask) processes requests without verifying CSRF tokens. This matches the CWE-352 (CSRF) pattern, in which state-changing actions lack anti-CSRF protection. The route configuration change indicates that this controller method was the vulnerable entry point, so it is the function that would appear in runtime traces during exploitation.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| drupal/gdpr | composer | < 3.0.1 | 3.0.1 |
| drupal/gdpr | composer | >= 3.1.0, < 3.1.2 | 3.1.2 |
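
To check a site against the ranges in the table above, the following added example (not part of the advisory or of the drupal/gdpr project) reads a `composer.lock` and reports whether the locked drupal/gdpr version is affected. The function names and the sample lock file are constructed for illustration; pre-release and dev versions are returned as "unknown" for manual review rather than guessed.

```python
import json
import re

# Affected ranges for drupal/gdpr, copied from the table above:
# (inclusive lower bound or None, first patched version).
AFFECTED = [(None, (3, 0, 1)), ((3, 1, 0), (3, 1, 2))]


def parse_version(text):
    """Turn a stable 'X.Y.Z' or 'vX.Y.Z' string into a comparable tuple.

    Returns None for pre-release or branch versions ('3.1.2-rc1', 'dev-3.x'),
    which this sketch does not try to order.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def is_affected(version_text):
    """True if in an affected range, False if not, None if it cannot be judged."""
    version = parse_version(version_text)
    if version is None:
        return None
    return any((low is None or version >= low) and version < fixed
               for low, fixed in AFFECTED)


def check_lock(lock_text):
    """Return (version, verdict) for drupal/gdpr in a composer.lock, or None
    when the package is not installed."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == "drupal/gdpr":
            return pkg["version"], is_affected(pkg["version"])
    return None


# Constructed sample lock file (not taken from a real site).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "drupal/core", "version": "10.2.0"},
    {"name": "drupal/gdpr", "version": "3.1.1"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A verdict of `None` from `is_affected` means the locked version is a pre-release or branch build and should be compared against the fixed releases by hand.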