Description
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassing the protections against CVE-2021-28861, leading to the same open redirect pathway.
This issue affects CodeChecker: through 6.24.5.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 6.24.6 (exclusive)
cpe:2.3:a:ericsson:codechecker:*:*:*:*:*:*:*:*
EPSS: 0.00098 (Low), percentile: 27%
CVSS3: 6.1 Medium
Weaknesses
CWE-601
Related vulnerabilities
CVSS3: 6.1
github
11 months ago
CodeChecker open redirect when URL contains multiple slashes after the product name