The Comment module allows users to reply to comments. In certain cases, an attacker could make comment reply requests that would trigger a denial of service (DOS).

Sites that do not use the Comment module are not affected.

Affected Packages

Packagist drupal/core

Affected versions: 10.1.0 (fixed in 10.1.8)

Packagist drupal/core

Affected versions: 10.2.0 (fixed in 10.2.2)

Related CVEs

CVE-2024-11941

Key Information

GHSA ID

GHSA-xq54-x54m-vcpx

Published

December 5, 2024 3:31 PM

Last Modified

December 5, 2024 7:58 PM

CVSS Score

7.5 /10

Primary Ecosystem

Packagist

Primary Package

drupal/core

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.