View online: https://www.drupal.org/sa-contrib-2019-063
Project: External Links Filter [1] Date: 2019-August-14 Security risk: *Moderately critical* 10∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All [2] Vulnerability: Open Redirect Vulnerability
Description: The External Link Filter module provides an input filter that replaces external links by a local link that redirects to the target URL.
The module did not have protection for the Redirect URL to go where content authors intended.
Solution: Install the latest version:
* If you use the External Links Filter module for Drupal 7.x, upgrade to External Links Filter version 7.x-3.1 [3] * If you use the External Links Filter module for Drupal 8.x, upgrade to External Links Filter version 8.x-1.2 [4]
Also see the External Links Filter [5] project page.
Reported By: * Manuel Adán [6]
Fixed By: * Manuel Adán [7] * Dmitry Drozdik [8]
Coordinated By: * Michael Hess [9] of the Drupal Security Team * Greg Knaddison [10] of the Drupal Security Team
[1] https://www.drupal.org/project/elf [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/elf/releases/7.x-3.1 [4] https://www.drupal.org/project/elf/releases/8.x-1.2 [5] https://www.drupal.org/project/elf [6] https://www.drupal.org/user/516420 [7] https://www.drupal.org/user/516420 [8] https://www.drupal.org/user/574124 [9] https://www.drupal.org/user/102818 [10] https://www.drupal.org/user/36762