Module SendinBlue considered "insecure" by "composer audit"

Created on 26 September 2023, over 1 year ago

Updated 2 October 2023, over 1 year ago

Problem/Motivation

Since ✨ Implement “list security advisories” Packagist/Composer API Fixed , composer audit works with Drupal modules.
It considers that every version of sendinblue is vulnerable:

+-------------------+----------------------------------------------------------------------------------+
| Package           | drupal/sendinblue                                                                |
| CVE               | NO CVE                                                                           |
| Title             | SendinBlue - Critical - Unsupported - SA-CONTRIB-2019-088                        |
| URL               | https://www.drupal.org/sa-contrib-2019-088                                       |
| Affected versions | *                                                                                |
| Reported at       | 2019-11-13T18:09:57+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

It seems to happen because the module was unsupported at some point.

Steps to reproduce

Install the sendinblue module with Composer.
Run composer audit.

🐛 Bug report

Status

Fixed

Version

1.0

Component

Miscellaneous

Created by

🇫🇷France prudloff Lille

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @prudloff
Comment over 1 year ago →
🇺🇸United States cmlara
Moving to project_composer for triage as noted in ✨ Implement “list security advisories” Packagist/Composer API Fixed .

Quick glance: This looks like someone may have adopted the module but as was(/is) D.O. standard procedure the SA was not updated.
Assigned to drumm
Status changed to Fixed over 1 year ago7:52pm 2 October 2023
Comment over 1 year ago →
🇺🇸United States drumm NY, US
It looks like maintainers did step up and resolved the issue. https://www.drupal.org/sa-contrib-2019-088 → is now updated to match that status.
Comment over 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024