Описание
Open Redirect in django-spirit
django-spirit prior to version 0.12.3 is vulnerable to open redirect. In the /user/login endpoint, it doesn't check the value of the next parameter when the user is logged in and passes it directly to redirect which result to open redirect. This also affects /user/logout, /user/register, /user/login, /user/resend-activation.
Пакеты
Наименование
django-spirit
pip
Затронутые версииВерсия исправления
< 0.12.3
0.12.3
Связанные уязвимости
CVSS3: 6.1
nvd
почти 4 года назад
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.