CVE-2016-9451: URL Redirection to Untrusted Site (Open Redirect)

November 25, 2016 (updated January 7, 2017)

Confirmation forms in Drupal make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

References

www.securityfocus.com/bid/94367
nvd.nist.gov/vuln/detail/CVE-2016-9451
www.drupal.org/SA-CORE-2016-005

Detect and mitigate CVE-2016-9451 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →