Affecting drupal/drupal package, versions >=7.0.0, <7.60 || >=8.0.0, <8.5.8 || >=8.6.0, <8.6.2
drupal/drupal is an open source content management platform powering millions of websites and applications.
Affected versions of this package are vulnerable to Open Redirect. Malicious user could use the
destination query string parameter to construct a URL that would trick users into being redirected to a 3rd party website.
drupal/drupal to versions 7.60, 8.5.8, 8.6.2 or higher.
Do your applications use this vulnerable package?
- Brian Osborne
- Snyk ID
- 17 Oct, 2018
- 22 Oct, 2018