CVE-2024-11941: Drupal core Denial of Service

December 5, 2024

The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.

References

github.com/advisories/GHSA-xq54-x54m-vcpx
github.com/drupal/core
nvd.nist.gov/vuln/detail/CVE-2024-11941
www.drupal.org/sa-core-2024-001

Detect and mitigate CVE-2024-11941 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →