[VIM] OG Features module bypass / CVE-2013-7067 version inconsistencies
Christey, Steven M.
coley at mitre.org
Wed Dec 18 19:24:38 CST 2013
Refs: CONFIRM:https://drupal.org/node/2149743
MISC:https://drupal.org/node/2149791
X-Force, SecurityFocus, and OSVDB all state that 6.x-1.2 is the last version affected. This is likely due to a segment in 2149791 that "versions prior to 6.x-1.3" are affected. However, in the same advisory a couple lines later, the Drupal team says "upgrade to OG Features 6.x-1.4," linking to 2149743 - the maintainer's advisory, which identifies 6.x-1.4 and clearly mentions the vulnerability.
Since 6.x-1.3 was released on February 14, 2012 according to https://drupal.org/node/1080238, it is our opinion that 6.x-1.3 is also vulnerable.
- Steve
More information about the VIM
mailing list