Events Log Track - Moderately critical - Denial of Service - SA-CONTRIB-2025-059
Description
Uncontrolled resource allocation in Drupal Events Log Track module allows denial of service via unmitigated requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Uncontrolled resource allocation in Drupal Events Log Track module allows denial of service via unmitigated requests.
Vulnerability
The Events Log Track module for Drupal does not sufficiently mitigate resource consumption for certain requests, leading to excessive allocation of resources. This affects versions before 3.1.11 and 4.0.0 before 4.0.2. [1]
Exploitation
An attacker can send specially crafted requests without authentication, causing the module to consume excessive resources, leading to denial of service. [1]
Impact
Successful exploitation results in denial of service due to resource exhaustion, impacting availability. [1]
Mitigation
Upgrade to events_log_track version 4.0.2 or 3.1.11, depending on the Drupal version. No workaround has been disclosed. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<3.1.11, >=4.0.0 <4.0.2+ 1 more
- (no CPE)range: <3.1.11, >=4.0.0 <4.0.2
- (no CPE)range: 0.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.