Project:
Date:
2024-October-23
Vulnerability:
Multiple vulnerabilities
CVE IDs:
CVE-2022-29248
CVE-2022-31043
CVE-2022-31042
CVE-2022-31091
CVE-2022-31090
Description:
Smartling module allows you to translate content in Drupal 7 using the Smartling Translation Management Platform.
The module includes an outdated version of the Guzzle package (guzzlehttp/guzzle 6.3.3), which has known security vulnerabilities.
Solution:
Install the latest version:
- If you use Smartling module for Drupal 7.x-4.x, upgrade to smartling 7.x-4.19
- If you use Smartling module for Drupal 7.x-3.x, upgrade to smartling 7.x-3.8
Reported By:
Fixed By:
Coordinated By:
- Juraj Nemec of the Drupal Security Team