logo

Database

Uncontrolled external site redirect In drupal/core

Description

Drupal core Open Redirect vulnerability Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.

The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

Other versions of Drupal core are not vulnerable.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-6gf6-24h2-66j4

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-05-20-1.yaml2. https://www.drupal.org/sa-core-2020-003

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.