Project
Mailjet
Date
Severity
Less Critical
Risk Score
7 ∕ 25 AC:Complex/A:User/CI:None/II:None/E:Theoretical/TD:All
Vulnerability
Multiple upstream security vulnerabilities
Affected versions
<7.x02.24

Description

The Mailjet module integrates with the Mailjet cloud service which can be used to send, track and deliver both marketing and transactional emails.

Mailjet is susceptible to multiple upstream vulnerabilities from its use of the embedded PHPMailer & Guzzle library. 

These vulnerabilities are mitigated by that fact that default setup of this module does not trigger any of these known vulnerabilities. 

Due to the high number of known vulnerabilities in PHPMailer & Guzzle, it is recommended sites update to the latest release.

Solution

Install the latest version.

If you use the Mailjet module for Drupal 7, upgrade to Mailjet 7.x-2.24:

Reported by

  • Pierre Rudloff (prudloff)

Fixed by

  • Tag1 D7ES

Coordinated by

  • Tag1 D7ES