CVE-2020-13662

MEDIUM6.1EPSS 0.21%

Drupal Core Open Redirect vulnerability

發布日:2022/5/24修改日:2025/4/3

也稱為:GHSA-gjqg-9rhv-qj67BIT-drupal-2020-13662

描述

Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.

受影響套件(4)

Bitnami/drupal>= 7.0.0, < 7.70.1
Debian/drupal7from 0, < 7.32-1+deb8u18
Packagist/drupal/core>= 7.0.0, < 7.70
Packagist/drupal/drupal>= 7.0.0, < 7.70

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-13662
PATCHhttps://github.com/drupal/core
WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13662.yaml
WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13662.yaml
WEBhttps://www.drupal.org/sa-core-2020-003