Fluid Attacks Database

Description

Drupal External URL injection through URL aliases leading to Open Redirect The path module in Drupal allows users with the 'administer paths' to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	drupal/core	>=7.0 <7.60 \|\| >=8.0.0 <8.5.8 \|\| >=8.6.0 <8.6.2	7.60, 8.5.8, 8.6.2

Aliases

1. GCVE-GHSA-7f4f-p7mq-p4fv

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-2.yaml2. https://www.drupal.org/sa-core-2018-006

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.