Project:
Date:
2019-August-21
Vulnerability:
Insecure session token management
Affected versions:
1.0.0
Description:
This module that allows you to store external images on your server and apply your own Image Styles.
The module exposes cookies to external sites when making external image requests.
This vulnerability is mitigated by using the whitelisted host feature to restrict external image requests from trusted sources.
Solution:
Install the latest version:
- If you use the Imagecache External 8.x-1.0 version, upgrade to Imagecache External 8.x-1.1 version
Also see the Imagecache External project page.
Reported By:
- Jason Want
- Heine Deelstra of the Drupal Security Team
Fixed By:
- Heine Deelstra of the Drupal Security Team
- Baris Wanschers
Coordinated By:
- Greg Knaddison of the Drupal Security Team
