Drupal 7 core - Moderately critical - Open Redirect - SA-CORE-2020-003

Drupal 7 core - Moderately critical - Open Redirect - SA-CORE-2020-003

Project: Drupal core
Date: 2020-May-20
Security risk: Moderately critical 10∕25 
Vulnerability: Open Redirect

Description

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.

The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

Other versions of Drupal core are not vulnerable.

Solution

Install the latest version:

If you use Drupal 7.x upgrade to Drupal 7.70

Nick Onom's picture
Nick Onom
Marketing Project Manager
Enthusiastic about all kind of Open Source applications, AI, bitcoins, but mostly about Drupal. For last years has been actively developing AltaGrade's new back-end system.

We value your opinion. Please add your feedback.