GHSA-rf8c-3f5p-xv45

Опубликовано: 05 фев. 2026

Источник: github

Github: Прошло ревью

CVSS4: 5.1

CVSS3: 4.7

Описание

web2py has an Open Redirect Vulnerability

web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an Open Redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.

Ссылки

Пакеты

Наименование

web2py

pip

Затронутые версииВерсия исправления

< 3.1.1

3.1.1

EPSS

Процентиль: 8%

0.0003

Низкий

5.1 Medium

CVSS4

4.7 Medium

CVSS3

CVE ID

CVE-2026-25198

Дефекты

CWE-601

Связанные уязвимости

CVE-2026-25198

CVSS3: 4.7

nvd

2 дня назад

web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.

CVE-2026-25198

CVSS3: 4.7

debian

2 дня назад

web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior ...

EPSS

Процентиль: 8%

0.0003

Низкий

5.1 Medium

CVSS4

4.7 Medium

CVSS3

CVE ID

CVE-2026-25198

Дефекты

CWE-601