Source: drupal7
Version: 7.52-2
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Control: clone -1 -2
Control: retitle -1 drupal7: SA-CORE-2018-006: External URL injection through URL aliases
Control: retitle -2 drupal7: SA-CORE-2018-006: Injection in DefaultMailSystem::mail()

As there is no CVE yet assigned, filing a single bug for identification:

https://www.drupal.org/sa-core-2018-006

Issue 1: External URL injection through URL aliases
Issue 2: Injection in DefaultMailSystem::mail()

Regards,
Salvatore