1 min read

Critical Vulnerability in Unsupported Colorbox Node Project 

A MacBook with lines of code on its screen on a busy desk
Christopher Gower / Unsplash

The Drupal Security team announced the Colorbox Node project as unsupported on March 23rd, 2022,  and therefore the vulnerability that was detected as critical according to the Security Advisory SA-CONTRIB-2022-030. The vulnerability is classified critical based on the 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All status.

The Drupal Security Team marked the Colorbox Node project as unsupported as there is a known security issue that remains unfixed. 18, 225 sites report using this module.

Solution: 
The recommendation is to uninstall the project unless willing to take over the Colorbox Node project maintenance and fix the vulnerability issue. The module was unsupported as of January 26th, 2022, but missed being announced.

Source: https://www.drupal.org/sa-contrib-2022-030

You May Like
Article
Drupal Pivot in Ghent Marks Turning Point for CMS, AI, and Sovereignty

Drupal Pivot in Ghent Marks Turning Point for CMS, AI, and Sovereignty
Article
Drupal Pivot in Ghent Marks Turning Point for CMS, AI, and Sovereignty

Drupal Pivot in Ghent Marks Turning Point for CMS, AI, and Sovereignty

ASK: Drupal Community Needs Your Support

View all →
Security Updates

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please reach out to us at #thedroptimes channel on Drupal Slack and we will try to address the issue as best we can.

You may also like

You May Like
Article
Drupal Service Container Deep Dive (Part 3): Service Collectors

Drupal Service Container Deep Dive (Part 3): Service Collectors
Build site with Drupal

Featured

Latest News

Upcoming Events

View All Events

Latest Opportunities