GHSA-wwrm-8947-4m6c

Suggest an improvement
Source
https://github.com/advisories/GHSA-wwrm-8947-4m6c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wwrm-8947-4m6c/GHSA-wwrm-8947-4m6c.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-wwrm-8947-4m6c
Aliases
  • CVE-2012-1589
Published
2022-05-17T04:56:42Z
Modified
2023-11-01T04:44:41.843584Z
Summary
Drupal Open Redirect
Details

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.

Database specific
{
    "nvd_published_at": "2012-05-18T20:55:00Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-601"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T21:31:37Z"
}
References

Affected packages

Packagist / drupal/drupal

Package

Name
drupal/drupal
Purl
pkg:composer/drupal/drupal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0
Fixed
7.13