CNNVD-202510-4281 Information

CNNVD ID

CNNVD-202510-4281

Related CVE

CVE-2025-10929

• CNNVD Published: 2025-10-30

Description (Chinese)

Drupal Reverse Proxy Header是Drupal社区的一款自定义HTTP头的插件。 Drupal Reverse Proxy Header 0.0.0版本至1.1.2之前版本存在安全漏洞，该漏洞源于输入一致性验证不当，可能导致用户控制变量被操纵。

Description (English)

Drupal River Proxy Header is a self-defined HTTP header plugin for the Drupal community. There is a security loophole in the pre-Drupal Reverse Proxy Header versions from 0.0.0 to 1.1.2, which results from inappropriate input consistency verification, which may result in user control variables being manipulated.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Drupal

Published

2025-10-30

Last Modified

2026-02-24

References

https://www.drupal.org/sa-contrib-2025-111 https://vigilance.fr/vulnerability/Drupal-Reverse-Proxy-Header-spoofing-via-request-IP-address-48299

Patch

https://www.drupal.org/project/reverse_proxy_header/releases