Drupal External URL injection through URL aliases leading to Open Redirect

The path module in Drupal allows users with the ‘administer paths’ to create pretty URLs for content.
In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.