
CVE-2016-3164 drupal/core

Package

Manager: composer
Name: drupal/core
Vulnerable Version: >=8.0 <8.0.4 || >=7.0 <7.43 || >=6.0 <6.38

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00487 (percentile: 0.64421)

Details

Drupal Open Redirect

Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.

Metadata

Created: 2022-05-17T03:57:20Z
Modified: 2023-12-07T16:19:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-836p-6p4j-35cg/GHSA-836p-6p4j-35cg.json
CWE IDs: []
Alternative ID: GHSA-836p-6p4j-35cg
Finding: F156
Auto approve: 1