Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.
CVSS Details
- CVSS 3.1 Base Score: 6.1
- CVSS 3.1 Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Alpine Linux | alpine-linux-upgrade-drupal7 | Aug 22, 2024 | May 5, 2021 | |
| Debian | debian-upgrade-drupal7 | Jun 1, 2020 | Jun 1, 2020 | |
| Ubuntu | no-fix-ubuntu-package | Jun 26, 2025 | May 5, 2021 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub