FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- Multiple Vulnerabilities

Affected packages
drupal7 < 7.70
drupal8 < 8.8.6

Details

VuXML ID c5ec57a9-9c2b-11ea-82b8-4c72b94353b5
Discovery 2020-05-20
Entry 2020-05-22

Drupal Security Team reports:

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are: ... Security issues in jQuery's DOM manipulation methods, as in .html(), .append(), and the others. Security advisories for both of these issues have been published on GitHub.

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.
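For sites that cannot upgrade to 7.70 immediately, web server logs can be reviewed for requests whose destination parameter points off-site. The following is an added example, not part of the Drupal or FreeBSD advisory; the hostname set, the log format and the sample lines are assumptions constructed for illustration, and it assumes legitimate destination values are site-internal paths.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOSTS = {"www.example.com"}  # assumption: hostnames this Drupal site serves

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/May/2020:10:00:01 +0000] "GET /user/login?destination=node/12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/May/2020:10:00:07 +0000] "GET /user/login?destination=https%3A%2F%2Foffsite.example.net%2Fa HTTP/1.1" 302 0',
    '203.0.113.9 - - [21/May/2020:10:00:09 +0000] "GET /node/3?destination=%2F%2Foffsite.example.net HTTP/1.1" 302 0',
    '198.51.100.2 - - [21/May/2020:10:01:00 +0000] "GET /node/3?destination=https://www.example.com/admin HTTP/1.1" 200 900',
    '198.51.100.2 - - [21/May/2020:10:01:30 +0000] "GET /search?q=destination HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def external_host(value):
    """Return the off-site host a destination value resolves to, else None."""
    # Normalise the way browsers do before parsing: backslashes act as
    # slashes, and whitespace/control characters are ignored.
    v = re.sub(r"[\x00-\x20]", "", value).replace("\\", "/")
    try:
        host = (urlsplit(v).hostname or "").lower()
    except ValueError:
        return "unparseable"  # malformed authority: report for manual review
    return host if host and host not in SITE_HOSTS else None


def scan(lines):
    """Return (client_ip, external_host) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs percent-decodes each value once, as the server would.
        for value in parse_qs(query).get("destination", []):
            host = external_host(value)
            if host:
                hits.append((line.split()[0], host))
    return hits


if __name__ == "__main__":
    for ip, host in scan(SAMPLE_LOG):
        print(f"{ip} requested redirect to external host {host}")
```

A hit shows only that such a link was requested; whether the redirect was actually followed depends on the installed Drupal version.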

References

URL https://www.drupal.org/sa-core-2020-002
URL https://www.drupal.org/sa-core-2020-003