Description
Netflix Security Monkey Open Redirect vulnerability
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.
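The check this class of bug calls for, as an added example (not Security Monkey's code and not the upstream fix): the first helper uses "next" as-is, which is the behaviour the description reports, and the second only follows it when it stays on the request's host. The function names, the fallback path "/" and the host name are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

def is_safe_redirect(target, request_host):
    """True only when target keeps the browser on request_host."""
    if not target or "\\" in target:
        return False  # browsers treat "\" like "/", so "/\host" leaves the site
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False  # whitespace/control characters are stripped by browsers
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a single-slash absolute path only.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # Absolute URL: the whole authority (userinfo, host, port) must match.
    return parts.netloc.lower() == request_host.lower()

def logout_target_unchecked(next_param, default="/"):
    # Behaviour described in the advisory: "next" is used as-is.
    return next_param or default

def logout_target_checked(next_param, request_host, default="/"):
    # Fall back to a fixed local page when "next" points off-site.
    if next_param and is_safe_redirect(next_param, request_host):
        return next_param
    return default

# Constructed sample values; the host name is a placeholder.
HOST = "monkey.example.internal"
SAMPLES = [
    "/#/items",
    "https://monkey.example.internal/login",
    "https://evil.example/",
    "//evil.example/x",
    "/\\evil.example",
    "https://monkey.example.internal@evil.example/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:50} unchecked -> {logout_target_unchecked(value)!r}, "
              f"checked -> {logout_target_checked(value, HOST)!r}")
```

Where a reverse proxy does not validate the Host header, pass `request_host` from configuration rather than from the request.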
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-7266
- https://github.com/Netflix/security_monkey/pull/482
- https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
- https://github.com/Netflix/security_monkey/releases/tag/v0.8.0
- https://web.archive.org/web/20201220170714/http://www.securityfocus.com/bid/97088
Packages
Name: security_monkey (pip)
Affected versions: < 0.8.0
Fixed version: 0.8.0
Related vulnerabilities
CVSS3: 6.1
nvd
almost 9 years ago
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.