GHSA-7f4f-p7mq-p4fv: Drupal External URL injection through URL aliases leading to Open Redirect

May 15, 2024

The path module in Drupal allows users with the ‘administer paths’ to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.

References

github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2018-10-17-2.yaml
github.com/advisories/GHSA-7f4f-p7mq-p4fv
github.com/drupal/core
www.drupal.org/sa-core-2018-006

Detect and mitigate GHSA-7f4f-p7mq-p4fv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →