Description
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0.
Problem types
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
Product status
Credits
Drew Webber (mcdruid)
Benji Fisher (benjifisher)
Daniel Schiavone (schiavone)
Benji Fisher (benjifisher)
Bram Driesen (bramdriesen)
Neil Drumm (drumm)
Drew Webber (mcdruid)
Juraj Nemec (poker10)
References
www.drupal.org/sa-contrib-2026-064