Affecting drupal/core package, versions >=7.0.0, <7.60 || >=8.0.0, <8.5.8 || >=8.6.0, <8.6.2
drupal/core is an open source content management platform powering millions of websites and applications.
Affected versions of this package are vulnerable to Open Redirect. The path module allows users with the
administer paths to create pretty URLs for content. An attacker user could enter a particular path that triggers an open redirect to a malicious url.
drupal/core to versions 7.60, 8.5.8, 8.6.2 or higher.
Do your applications use this vulnerable package?
- Brian Osborne
- Snyk ID
- 17 Oct, 2018
- 22 Oct, 2018