GHSA-x6v2-xmrq-574j: Drupal Anonymous Open Redirect

May 15, 2024

Drupal core and contributed modules frequently use a “destination” query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.

References

github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-3.yaml
github.com/advisories/GHSA-x6v2-xmrq-574j
github.com/drupal/drupal
www.drupal.org/sa-core-2018-006

Detect and mitigate GHSA-x6v2-xmrq-574j with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →