Open Social is a Drupal distribution for online communities.
The distribution didn't validate the flood control limits on the password reset form correctly resulting in a potential attacker flooding the password reset which could result in a Denial of Service. Fortunately the message does not disclose any information to the attacker.
Install the latest version:
- If you use Open Social 12.3.x, upgrade to Open Social 12.3.8
- If you use Open Social 12.4.x, upgrade to Open Social 12.4.5
- Greg Knaddison of the Drupal Security Team
- Juraj Nemec of the Drupal Security Team
- Heine Deelstra of the Drupal Security Team