CVE-2024-13296

6.6 MEDIUM

📋 TL;DR

This vulnerability in the Drupal Mailjet module allows attackers to inject malicious objects through deserialization of untrusted data, potentially leading to remote code execution. It affects all Drupal sites running Mailjet module versions before 4.0.1. Attackers could compromise the Drupal installation and potentially the underlying server.

💻 Affected Systems

Products:
  • Drupal Mailjet module
Versions: 0.0.0 through 4.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Drupal installations with Mailjet module enabled, regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Arbitrary code execution within the Drupal context, allowing website defacement, data manipulation, and installation of backdoors.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented elsewhere in the application stack.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Deserialization vulnerabilities typically require crafting specific payloads but are often weaponized quickly once details are public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.1

Vendor Advisory: https://www.drupal.org/sa-contrib-2024-062

Restart Required: No

Instructions:

1. Update the Mailjet module to version 4.0.1 via Drupal's update manager or Composer.
2. Clear Drupal caches.
3. Verify module functionality post-update.

🔧 Temporary Workarounds

Disable Mailjet module

Applies to: all

Temporarily disable the vulnerable Mailjet module until patching is possible:

drush pm-disable mailjet

Restrict access to vulnerable endpoints

Applies to: all

Use a web application firewall or Drupal access controls to block requests to Mailjet-related endpoints.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all user inputs
  • Deploy web application firewall with deserialization attack detection rules

🔍 How to Verify

Check if Vulnerable:

Check the Mailjet module version in the Drupal admin UI at /admin/modules or via 'drush pm-list | grep mailjet'.

Check Version:

drush pm-list --fields=name,version --format=json | grep -A1 mailjet

Verify Fix Applied:

Confirm the Mailjet module version is 4.0.1 or higher and test Mailjet functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to Mailjet endpoints
  • PHP errors related to unserialize() or object injection
  • Unexpected process execution from web user context

Network Indicators:

  • HTTP requests with serialized data payloads to Mailjet endpoints
  • Outbound connections from web server to unexpected destinations

SIEM Query:

web_access_logs | where url contains 'mailjet' and (request_body contains 'O:' or request_body contains 'C:')
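The SIEM query above matches any body containing the bare substrings 'O:' or 'C:', which will fire on ordinary form text such as "TO: team". The following is an added example (not part of this advisory) that tightens the check to the actual PHP serialization shape, O:<len>:"Class":<n>:{ or C:<len>:"Class":<n>:{, and runs it over constructed sample requests; the paths, class names and request records are all invented for illustration.

```python
import re
from urllib.parse import unquote_plus

# PHP serialized objects look like  O:14:"ExamplePayload":1:{...}  (plain object)
# or  C:11:"ArrayObject":NN:{...}  (class with custom serialization). Requiring the
# full shape avoids false positives from a bare 'O:' / 'C:' substring match.
PHP_OBJECT_RE = re.compile(
    r'(?<![A-Za-z0-9_])([OC]):(\d+):"([A-Za-z_\\][A-Za-z0-9_\\]*)":\d+:\{'
)


def php_object_classes(body: str) -> list:
    """Return class names of PHP serialized objects found in a request body."""
    decoded = unquote_plus(body)  # form bodies arrive URL-encoded
    found = []
    for _kind, length, name in PHP_OBJECT_RE.findall(decoded):
        # PHP requires the declared length to equal the class-name length;
        # anything else would not unserialize, so skip it to cut noise.
        if int(length) == len(name):
            found.append(name)
    return found


def is_mailjet_object_injection(record: dict) -> bool:
    """Flag a POST to a Mailjet-related path whose body carries a serialized object."""
    path = record.get("path", "").lower()
    return (
        record.get("method") == "POST"
        and "mailjet" in path
        and bool(php_object_classes(record.get("body", "")))
    )


def scan(records):
    """Return the subset of request records that match the indicator."""
    return [r for r in records if is_mailjet_object_injection(r)]


# Constructed sample requests (not real traffic); paths and class names are placeholders.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/mailjet/webhook",
     "body": "data=O%3A14%3A%22ExamplePayload%22%3A1%3A%7Bs%3A4%3A%22name%22%3Bs%3A3%3A%22foo%22%3B%7D"},
    {"method": "POST", "path": "/mailjet/settings", "body": "subject=TO%3A+team+update"},
    {"method": "POST", "path": "/user/login", "body": "name=O%3A1%3A%22X%22%3A0%3A%7B%7D"},
    {"method": "GET", "path": "/mailjet/status", "body": ""},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("suspicious:", hit["path"], php_object_classes(hit["body"]))
```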
