FreeBSD : drupal -- Multiple Vulnerabilities (c5ec57a9-9c2b-11ea-82b8-4c72b94353b5)

high Nessus Plugin ID 136853

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Drupal Security Team reports:

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions.
As mentioned in the jQuery blog, both are: ... Security issues in jQuery's DOM manipulation methods, as in .html(), .append(), and the others. Security advisories for both of these issues have been published on GitHub.

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupal_goto() function.

Solution

Update the affected packages.

See Also

https://www.drupal.org/sa-core-2020-002

https://www.drupal.org/sa-core-2020-003

http://www.nessus.org/u?cd103cac

Plugin Details

Severity: High

ID: 136853

File Name: freebsd_pkg_c5ec57a99c2b11ea82b84c72b94353b5.nasl

Version: 1.2

Type: local

Published: 5/26/2020

Updated: 6/5/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal7, p-cpe:/a:freebsd:freebsd:drupal8, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/22/2020

Vulnerability Publication Date: 5/20/2020