Posted on

Drupal up to 6.34/7.34 Open Redirect [CVE-2015-2750]

A vulnerability, which was classified as problematic, was found in Drupal up to 6.34/7.34 (Content Management System). Affected is an unknown function. Upgrading to version 6.35 or 7.35 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at cgit.drupalcode.org. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability.