GHSA-hxg2-5c8p-ppwm

Source

https://github.com/advisories/GHSA-hxg2-5c8p-ppwm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hxg2-5c8p-ppwm/GHSA-hxg2-5c8p-ppwm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hxg2-5c8p-ppwm

Aliases

CVE-2013-6389

Published

2022-05-17T04:55:08Z

Modified

2024-10-30T18:12:25.066662Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Drupal has open redirect vulnerability in the Overlay module

Details

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Database specific

{
    "cwe_ids": [
        "CWE-20",
        "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-30T17:57:18Z",
    "nvd_published_at": "2013-12-07T21:55:00Z",
    "severity": "HIGH"
}

References

Affected packages

Packagist / drupal/drupal

Package

Name: drupal/drupal
Purl: pkg:composer/drupal/drupal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0

Fixed

7.24

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hxg2-5c8p-ppwm/GHSA-hxg2-5c8p-ppwm.json"