Drupal Association members fund grants that make connections all over the world.
- Advisory ID: DRUPAL-SA-CONTRIB-2012-068
- Project: Node Gallery (third-party module)
- Version: 6.x
- Date: 2012-May-02
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Request Forgery
Node gallery enable users to create a more flexible and powerful gallery that are fully integrated with Drupal's core node system.
This module does not protect a CSRF attack when creating node galleries.
- 6.x-3.1 and before
Drupal core is not affected. If you do not use the contributed Node Gallery module, there is nothing you need to do.
Uninstall the module, this module is no longer supported.
Also see the Node Gallery project page.
- Michael Hess of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.