Drupal Urges Update: Security Advisory for Mollie Module
In a recent security advisory, Drupal.org highlighted a moderately critical vulnerability in the Mollie for Drupal module, specifically about faulty payment confirmation logic. The flaw could potentially lead to a situation where an attacker, armed with knowledge about the module's internal functionality, might exploit a glitch in the payment status update process.
The vulnerability arises from the module's failure to correctly load the order for updating payment status when Mollie redirects to the designated URL. This flaw opens the door for an attacker to associate other individuals' orders with their own, essentially gaining credit without making a payment.
Drupal.org emphasizes that the severity of this vulnerability is mitigated by the requirement for the attacker to possess specific knowledge about the module's internal workings. Nevertheless, installations using the Mollie for Drupal Commerce submodule are urged to take immediate action.
To address this issue, Drupal.org recommends users to install the latest version. Specifically, for those utilizing the Mollie for Drupal module, upgrading to version 2.2.1 is strongly advised. This update includes crucial fixes to rectify the payment confirmation logic, ensuring a more secure online transaction environment.
Drupal.org urges all affected users to promptly implement the necessary updates to safeguard their systems from potential exploitation. The Drupal security team remains committed to providing timely advisories and updates to maintain the integrity and security of the Drupal ecosystem. Users are encouraged to stay informed and take proactive measures to enhance the security of their Drupal installations.
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.