Affecting drupal/core package, versions >=7.0.0, <7.60 || >=8.0.0, <8.5.8 || >=8.6.0, <8.6.2
drupal/core is an open source content management platform powering millions of websites and applications.
Affected versions of this package are vulnerable to Open Redirect. Malicious user could use the
destination query string parameter to construct a URL that would trick users into being redirected to a 3rd party website.
drupal/core to versions 7.60, 8.5.8, 8.6.2 or higher.
Do your applications use this vulnerable package?
- Brian Osborne
- Snyk ID
- 17 Oct, 2018
- 22 Oct, 2018