Advisory ID: 
BACKDROP-SA-CONTRIB-2017-002
Vulnerability: 
Information Disclosure
Versions affected: 
  • Metatag 0.x and 1.x versions prior to 1.21.0

Backdrop core is not affected. If you do not use the contributed Metatag module, there is nothing you need to do.

This module enables you to add a variety of meta tags to a site for helping with a site's search engine results and to customize how content is shared on social networks.

The module doesn't sufficiently protect against data being cached that might contain information related to a specific user.

This vulnerability is mitigated by the fact that a site must have a page with sensitive data in the page title that varies per logged in user.

Solution: 

Install the latest version:

  • If you use the Metatag module for Backdrop 1.x, upgrade to Metatag 7.x-1.21.0 or later.
Reported By: 
Fixed By: 
Coordinated By: