Project:
Date:
2020-May-20
Vulnerability:
Open Redirect
Description:
Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.
The vulnerability is caused by insufficient validation of the destination
query parameter in the drupal_goto()
function.
Other versions of Drupal core are not vulnerable.
Solution:
Install the latest version:
- If you use Drupal 7.x upgrade to Drupal 7.70
Reported By:
Fixed By:
- Drew Webber of the Drupal Security Team
- Fabian Franz
- David Snopek of the Drupal Security Team
- vortfu