Advisory ID: 
BACKDROP-SA-CONTRIB-2017-002
Vulnerability: 
Information Disclosure
Versions affected: 
  • Metatag 0.x and 1.x versions prior to 1.21.0

Backdrop core is not affected. If you do not use the contributed Metatag module, there is nothing you need to do.

Description: 

This module enables you to add a variety of meta tags to a site for helping with a site's search engine results and to customize how content is shared on social networks.

The module doesn't sufficiently protect against data being cached that might contain information related to a specific user.

This vulnerability is mitigated by the fact that a site must have a page with sensitive data in the page title that varies per logged in user.

Solution: 

Install the latest version:

  • If you use the Metatag module for Backdrop 1.x, upgrade to Metatag 7.x-1.21.0 or later.
Reported By: 
Fixed By: 
Coordinated By: