7 High
AI Score
Confidence
High
The path module in Drupal allows users with the ‘administer paths’ to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.
github.com/drupal/drupal
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/2018-10-17-2.yaml
www.drupal.org/sa-core-2018-006