Description
Drupal Anonymous Open Redirect
Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a third-party website, thereby exposing the users to potential social engineering attacks.
Packages
Name: drupal/drupal (composer)
Affected versions: >= 8.0.0, < 8.5.8
Fixed version: 8.5.8
Name: drupal/drupal (composer)
Affected versions: >= 8.6.0, < 8.6.2
Fixed version: 8.6.2
CVSS3: 5.8 Medium
Weaknesses: CWE-601