View online: https://www.drupal.org/sa-contrib-2019-063 Project: External Links Filter [1] Date: 2019-August-14 Security risk: *Moderately critical* 10∕25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:All [2] Vulnerability: Open Redirect Vulnerability Description:  The External Link Filter module provides an input filter that replaces external links by a local link that redirects to the target URL. The module did not have protection for the Redirect URL to go where content authors intended. Solution:  Install the latest version: * If you use the External Links Filter module for Drupal 7.x, upgrade to External Links Filter version 7.x-3.1 [3] * If you use the External Links Filter module for Drupal 8.x, upgrade to External Links Filter version 8.x-1.2 [4] Also see the External Links Filter [5] project page. Reported By:  * Manuel Adán [6] Fixed By:  * Manuel Adán [7] * Dmitry Drozdik [8] Coordinated By:  * Michael Hess [9] of the Drupal Security Team * Greg Knaddison [10] of the Drupal Security Team [1] https://www.drupal.org/project/elf [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/elf/releases/7.x-3.1 [4] https://www.drupal.org/project/elf/releases/8.x-1.2 [5] https://www.drupal.org/project/elf [6] https://www.drupal.org/user/516420 [7] https://www.drupal.org/user/516420 [8] https://www.drupal.org/user/574124 [9] https://www.drupal.org/user/102818 [10] https://www.drupal.org/user/36762