Security advisories for contributed projects

The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-owner-maintainer-or-co-mai...

The Examples for Developers project aims to provide high-quality, well-documented API examples for a broad range of Drupal core functionality.

The "Read from a file" feature implemented by the file_example submodule can be used to expose any file that PHP can access. Therefore, the file_example sub-module is being removed from Examples for Developers until a version demonstrating file security best practices can be added back in the future. Developers who based a new module on this example should review their code for an access bypass.

This module provides spam protection using the CleanTalk cloud service.

The module doesn't sufficiently sanitize API response messages before rendering them in HTML output. The _cleantalk_die() and ct_die() functions output the CleanTalk API response message directly into HTML without proper sanitization, allowing potential injection of arbitrary HTML or JavaScript.

This module enables sites to comply with the European cookie law using tarteaucitron.js.

The module doesn't sufficiently filter user-supplied markup inside of content leading to an attacker being able to delete arbitrary cookies.

This vulnerability is mitigated by the fact that an attacker needs to be able to insert specific data attributes in the page.