CVE-2025-31684: Drupal OAuth2 Client Cross-Site Request Forgery (CSRF)

April 1, 2025 (updated April 29, 2025)

Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery. This issue affects OAuth2 Client: from 0.0.0 before 4.1.3.

References

git.drupalcode.org/project/oauth2_client
github.com/advisories/GHSA-6chf-hhqf-749c
nvd.nist.gov/vuln/detail/CVE-2025-31684
www.drupal.org/sa-contrib-2025-013

Code Behaviors & Features

Detect and mitigate CVE-2025-31684 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →