[HIGH] Open redirect via path manipulation

PKSA-w7rh-fsfz-47tv CVE-2016-3164 GHSA-836p-6p4j-35cg

Affected package: drupal/core

Affected version: >=8.0,<8.0.4

Reported by:
FriendsOfPHP/security-advisories, GitHub