5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
76.4%
The LABjs module integrates LABjs with Drupal for web performance optimization.
The module ships with a modified version of the core Overlay JavaScript file, which is vulnerable to an open redirect attack (see SA-CORE-2015-002).
Only sites with the Overlay module enabled are vulnerable.
Drupal core is not affected. If you do not use the contributed LABjs module, there is nothing you need to do.
Install the latest version:
Also see the LABjs project page.
twitter.com/drupalsecurity
www.drupal.org/contact
www.drupal.org/node/2507561
www.drupal.org/project/labjs
www.drupal.org/SA-CORE-2015-002
www.drupal.org/security-team
www.drupal.org/security-team/risk-levels
www.drupal.org/security/secure-configuration
www.drupal.org/u/david_rothstein
www.drupal.org/u/jcisio
www.drupal.org/u/pere-orga
www.drupal.org/user/2700643
www.drupal.org/writing-secure-code