Affecting drupal/core package, versions >=7.0.0, <7.60 || >=8.0.0, <8.5.8 || >=8.6.0, <8.6.2
drupal/drupal is an open source content management platform powering millions of websites and applications.
Affected versions of this package are vulnerable to Open Redirect. The path module allows users with the
administer paths to create pretty URLs for content. An attacker user could enter a particular path that triggers an open redirect to a malicious url.
drupal/drupal to versions 7.60, 8.5.8, 8.6.2 or higher.
- Brian Osborne
- Snyk ID
- 17 Oct, 2018
- 22 Oct, 2018