Drupal 7 core - Moderately critical - Open Redirect - SA-CORE-2020-003

Project: Drupal core
Date: 2020-May-20
Security risk: Moderately critical 10∕25 
Vulnerability: Open Redirect

Description

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.

The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

Other versions of Drupal core are not vulnerable.

Solution

Install the latest version:

If you use Drupal 7.x, upgrade to Drupal 7.70.
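Alongside the upgrade, web server access logs can be reviewed for requests whose destination query parameter does not look like an internal path. The sketch below is an added example, not code from the advisory or from Drupal; the combined log format, the sample log lines, the conservative allow-list pattern and the function names are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address, request target and status from a combined-format access log
# line (the log format is an assumption; adjust to your server's format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Conservative allow-list for an internal path: starts with a letter or digit
# and contains only ordinary path, query and fragment characters. Anything
# else is flagged for manual review, so false positives are possible.
INTERNAL_RE = re.compile(r'^[A-Za-z0-9][A-Za-z0-9_\-./%?&=#+~]*$')

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2020:10:01:02 +0000] "GET /user/login?destination=node/5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/May/2020:10:03:44 +0000] "GET /some/path?destination=https%3A%2F%2Fexternal.example%2Flanding HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/May/2020:10:05:09 +0000] "GET /node/5 HTTP/1.1" 200 7301 "-" "Mozilla/5.0"',
]


def is_internal_destination(value):
    """True only when the decoded value looks like a relative internal path."""
    return bool(INTERNAL_RE.match(value))


def find_suspect_redirects(log_lines):
    """Return (client, status, destination) for each request to review."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line this sketch understands
        client, target, status = match.groups()
        # parse_qs percent-decodes values, so encoded URLs are compared decoded.
        query = parse_qs(urlsplit(target).query)
        for dest in query.get("destination", []):
            if not is_internal_destination(dest):
                findings.append((client, int(status), dest))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_redirects(SAMPLE_LOG):
        print(finding)
```

Flagged entries are leads for review rather than proof of abuse: the allow-list deliberately rejects anything it does not recognise as a plain relative path.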

Nick Onom
Marketing Project Manager
Enthusiastic about all kinds of Open Source applications, AI, and bitcoins, but mostly Drupal and Backdrop. In recent years he has been actively developing AltaGrade's new back-end system.