Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Project:
Date:
2019-August-14
Vulnerability:
Open Redirect Vulnerability
Affected versions:
<1.2.0
Description:
The External Link Filter module provides an input filter that replaces external links by a local link that redirects to the target URL.
The module did not have protection for the Redirect URL to go where content authors intended.
Solution:
Install the latest version:
- If you use the External Links Filter module for Drupal 7.x, upgrade to External Links Filter version 7.x-3.1
- If you use the External Links Filter module for Drupal 8.x, upgrade to External Links Filter version 8.x-1.2
Also see the External Links Filter project page.
Reported By:
Fixed By:
Coordinated By:
- Michael Hess of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
