Drupal Association members fund grants that make connections all over the world.
- Advisory ID: DRUPAL-SA-CONTRIB-2009-025
- Project: Fivestar (third-party module)
- Version: 5.x, 6.x
- Date: 2009-April-29
- Security risk: Not critical
- Exploitable from: Remote
- Vulnerability: Cross-site request forgery
The Fivestar module provides a voting widget for content and records votes using Ajax.
- Fivestar 5.x-1.x prior to 5.x-1.14
- Fivestar 6.x-1.x prior to 6.x-1.14
Drupal core is not affected. If you do not use the contributed Fivestar module, there is nothing you need to do.
Install the latest version:
- If you use Fivestar 5.x-1.x upgrade to Fivestar 5.x-1.14
- If you use Fivestar 6.x-1.x upgrade to Fivestar 6.x-1.14
See also the Fivestar project page.
John Morahan of the Drupal security team.
The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.