Imagecache External - Critical - Insecure session token management - SA-CONTRIB-2019-065

Project: Imagecache External
Date: 2019-August-21
Security risk: Critical 15∕25 
Vulnerability: Insecure session token management

Description

This module allows you to store external images on your server and apply your own Image Styles.

The module exposes cookies to external sites when making external image requests.

This vulnerability is mitigated by using the whitelisted host feature to restrict external image requests to trusted sources.
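
The two controls this description points to for any code that fetches remote images, checking the target host against an allowlist and dropping session-bearing headers before the outbound request, are shown here as an added example in plain PHP. It is not Imagecache External's code or its 8.x-1.1 fix; the function names, the header list and the host names are assumptions made for illustration.

```php
<?php
// Added example, not the module's code. All host names and values are constructed.
// Headers that carry session state or credentials; never forward these to an image host.
const SENSITIVE_HEADERS = ['cookie', 'authorization', 'proxy-authorization'];

// Returns the normalized host if $url is http(s) and its host is allowlisted, else null.
function allowed_image_host(string $url, array $allowlist): ?string {
  $parts = parse_url($url);
  if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
    return null;
  }
  if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
    return null;
  }
  $host = rtrim(strtolower($parts['host']), '.');
  foreach ($allowlist as $entry) {
    $suffix = '.' . strtolower($entry);
    // Match exactly or on a label boundary, so "badimages.example.com" fails.
    if ($host === strtolower($entry) || substr($host, -strlen($suffix)) === $suffix) {
      return $host;
    }
  }
  return null;
}

// Drops credential-bearing headers from a name => value header map.
function outbound_headers(array $headers): array {
  return array_filter(
    $headers,
    fn($name) => !in_array(strtolower($name), SENSITIVE_HEADERS, true),
    ARRAY_FILTER_USE_KEY
  );
}

// Constructed sample input: one allowlisted host and a browser request's headers.
$allowlist = ['images.example.com'];
$incoming = ['Cookie' => 'SESSconstructed=1', 'Accept' => 'image/*'];
$urls = [
  'https://images.example.com/a.png',
  'https://cdn.images.example.com/a.png',
  'https://images.example.com.other.test/a.png',
  'https://images.example.com@other.test/a.png',
  'ftp://images.example.com/a.png',
];
foreach ($urls as $url) {
  $host = allowed_image_host($url, $allowlist);
  echo $url, ' => ', $host === null ? 'blocked' : 'fetch from ' . $host, PHP_EOL;
}
print_r(outbound_headers($incoming));
```

Only the first two URLs pass the host check, and the header map that would accompany the fetch no longer contains `Cookie`.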

Solution

Install the latest version:

If you use Imagecache External 8.x-1.0, upgrade to Imagecache External 8.x-1.1.

Also see the Imagecache External project page.

Nick Onom