Description
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
An open redirect flaw was found in the WSGI library python-werkzeug. When URL_PATH starts with a double slash followed by an arbitrary URL without a scheme, python-werkzeug could redirect applications to that arbitrary URL. An attacker can use this to redirect victims to attacker-controlled phishing websites, or chain it with other vulnerabilities.
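Why a leading double slash leaves the site, and a same-origin check an application can apply before issuing a redirect. This is an added example, not werkzeug's code or its fix; the function names and the `app.example` / `phish.example` hosts are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit


def resolve_location(base_url, target):
    """Resolve a redirect target the way a client resolves a Location
    value: RFC 3986 reference resolution against the current URL."""
    return urljoin(base_url, target)


def is_local_redirect(base_url, target):
    """True only if the resolved target keeps the scheme and host of base_url."""
    base = urlsplit(base_url)
    resolved = urlsplit(resolve_location(base_url, target))
    return (resolved.scheme, resolved.netloc) == (base.scheme, base.netloc)


def collapse_leading_slashes(path):
    """Reduce a run of leading slashes to one, so the path can no longer
    be read as a scheme-less '//host/...' reference."""
    if path.startswith("//"):
        return "/" + path.lstrip("/")
    return path


def safe_redirect_target(base_url, target, fallback="/"):
    """Return target if it stays on the application's origin, else fallback."""
    return target if is_local_redirect(base_url, target) else fallback


if __name__ == "__main__":
    base = "https://app.example/login"          # constructed sample origin
    samples = ["/dashboard", "//phish.example/account", "///phish.example/a"]
    for t in samples:
        print(f"{t!r:32} resolves to {resolve_location(base, t)!r:40} "
              f"local={is_local_redirect(base, t)}")
    # Normalising the path keeps the request on the original host.
    print(resolve_location(base, collapse_leading_slashes(samples[1])))
```

The check is applied to the resolved URL rather than to the raw string, so a target that merely begins with `/` is not assumed to be local.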
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | python-werkzeug | Out of support scope | | |
| Red Hat Enterprise Linux 8 | python-werkzeug | Not affected | | |
| Red Hat OpenShift Container Platform 4 | python-werkzeug | Not affected | | |
| Red Hat OpenStack Platform 16.1 | python-werkzeug | Not affected | | |
| Red Hat Quay 3 | python-werkzeug | Not affected | | |
| Red Hat Satellite 6 | python-werkzeug | Will not fix | | |
| Red Hat Software Collections | python27-python-werkzeug | Not affected | | |
| Red Hat Update Infrastructure 3 for Cloud Providers | python-werkzeug | Out of support scope | | |
| Red Hat Virtualization 4 | python-werkzeug | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 5.4 Medium