CVE-2017-6379: Cross Site Request Forgery

March 16, 2017 (updated July 11, 2017)

Some administrative paths did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.

References

www.drupal.org/SA-2017-001

Code Behaviors & Features

Detect and mitigate CVE-2017-6379 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →