drupal/salesforce is vulnerable to Cross-Site Request Forgery (CSRF)
58
Medium Risk
The Salesforce Suite modules for Drupal do not properly validate the OAuth handshake during interactive authentication, allowing an attacker to hijack the authorization process and bind a site to an attacker-controlled Salesforce account. This issue only affects sites using the deprecated salesforce_oauth submodule with an active OAuth authorization profile. Sites that use only salesforce_jwt for authentication are not affected.
You are affected if you are using a version that falls within the vulnerable range.
drupal/salesforce is vulnerable to Cross-Site Request Forgery (CSRF) in versions 0.0.1 - 5.1.2.
Upgrade the drupal/salesforce library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant