-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| drupal/drupal | composer | >= 8.0.0, < 8.5.8 | 8.5.8 |
| drupal/drupal | composer | >= 8.6.0, < 8.6.2 | 8.6.2 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper validation of the 'destination' parameter in redirects. The primary failure point is in RedirectResponseSubscriber::checkRedirectUrl, which handles redirect validation but lacked proper checks for external URLs in affected versions. UrlHelper::isExternal is included with medium confidence because while it's central to URL validation, the exact bypass mechanism isn't explicitly documented in available resources. The CommonController::destinationRedirect is part of the redirect flow but ultimately relies on these lower-level validation mechanisms.
A Semantic Attack on Google Gemini - Read the Latest Research