logo

Database

Uncontrolled external site redirect In drupal/core

Description

Drupal Core Open Redirect vulnerability Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-136622. NVD-2020-136623. OSV-2020-136624. GCVE-2020-13662

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13662.yaml2. https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13662.yaml3. https://www.drupal.org/sa-core-2020-003

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.