GHSA-vqp6-j452-j6wp

Опубликовано: 04 мар. 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Open Redirect in CPython that affects users of OpenStack Nova

A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

Ссылки

Пакеты

Наименование

nova

pip

Затронутые версииВерсия исправления

< 21.2.3

21.2.3

Наименование

nova

pip

Затронутые версииВерсия исправления

>= 22.0.0, < 22.2.3

22.2.3

Наименование

nova

pip

Затронутые версииВерсия исправления

>= 23.0.0, < 23.0.3

23.0.3

EPSS

Процентиль: 99%

0.85533

Высокий

6.1 Medium

CVSS3

CVE ID

CVE-2021-3654

Дефекты

CWE-601

Связанные уязвимости

CVE-2021-3654

CVSS3: 6.1

ubuntu

почти 4 года назад

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

CVE-2021-3654

CVSS3: 5.7

redhat

больше 4 лет назад

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

CVE-2021-3654

CVSS3: 6.1

nvd

почти 4 года назад

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

CVE-2021-3654

CVSS3: 6.1

debian

почти 4 года назад

A vulnerability was found in openstack-nova's console proxy, noVNC. By ...

EPSS

Процентиль: 99%

0.85533

Высокий

6.1 Medium

CVSS3

CVE ID

CVE-2021-3654

Дефекты

CWE-601