CVE-2016-3167: Open redirect via double-encoded 'destination' parameter

April 12, 2016 (updated April 18, 2016)

Open redirect vulnerability in the drupal_goto function in Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the destination parameter.

References

www.drupal.org/SA-CORE-2016-001

Code Behaviors & Features

Detect and mitigate CVE-2016-3167 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →