First published: Tue Feb 20 2018(Updated: )
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
Credit: mlhess@drupal.org mlhess@drupal.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/drupal/core | >=8.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.4.5 | |
composer/drupal/drupal | >=8.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.4.5 | |
debian/drupal7 | ||
debian/drupal7 | <=7.56-1<=7.32-1 | 7.57-1 7.52-2+deb9u2 7.32-1+deb8u10 |
Drupal Drupal | >=7.0<7.57 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
composer/drupal/drupal | >=7.0<7.57 | 7.57 |
composer/drupal/core | >=7.0<7.57 | 7.57 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.