Project: 
Date: 
2024-September-04
Vulnerability: 
Denial of Service
Affected versions: 
<12.3.8 || >=12.4.0 <12.4.5 || >=13.0.0 <13.0.0-alpha11
CVE IDs: 
CVE-2024-13274
Description: 

Open Social is a Drupal distribution for online communities.

The distribution didn't validate the flood control limits on the password reset form correctly resulting in a potential attacker flooding the password reset which could result in a Denial of Service. Fortunately the message does not disclose any information to the attacker.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: