Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qNmpxLTNxOHAteGdnNs4AAbzM
Netflix Security Monkey Open Redirect vulnerability
Netflix Security Monkey before 0.8.0 contains an open redirect. The logout endpoint accepts a "next" parameter and redirects to whatever URL it carries, regardless of the Host header, so a crafted logout link can send a logged-in user to an attacker-chosen domain.
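The pattern described above, reconstructed as an added Python example (it is not Security Monkey's code and not the change from the referenced pull request): a logout handler that trusts the "next" parameter verbatim, beside one that only follows targets on the application's own host. The host name, the default post-logout path and every input are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed values for the example: the host the application serves and the
# page to fall back to when "next" is missing or unsafe.
APP_HOST = "securitymonkey.example"
DEFAULT_AFTER_LOGOUT = "/login"


def unsafe_logout_target(next_param, default=DEFAULT_AFTER_LOGOUT):
    """The vulnerable pattern as the advisory describes it (reconstructed,
    not the project's code): whatever "next" carries becomes the Location."""
    return next_param or default


def is_safe_redirect_target(target, host=APP_HOST):
    """True only if target is a site-relative path or an http(s) URL on host."""
    if not target:
        return False
    # Browsers treat backslashes in the leading part of a URL like slashes,
    # so "\\evil.example" and "/\evil.example" would leave the site; normalise
    # before inspecting. Leading/trailing whitespace is also ignored by browsers.
    target = target.strip().replace("\\", "/")

    parts = urlsplit(target)
    if parts.scheme:
        # Absolute URL: only http(s) and only when the hostname matches ours.
        # .hostname is lower-cased and excludes userinfo and port, so
        # "https://securitymonkey.example@evil.example/" compares as evil.example.
        # Note: the port and an https->http downgrade are deliberately not
        # checked here; tighten if the deployment needs it.
        expected = urlsplit("//" + host).hostname
        return parts.scheme in ("http", "https") and parts.hostname == expected

    # No scheme: accept a single-slash site-relative path only. Two or more
    # leading slashes ("//evil.example", "///evil.example") are parsed by
    # browsers as a different authority and must be rejected.
    return target.startswith("/") and not target.startswith("//")


def safe_logout_target(next_param, host=APP_HOST, default=DEFAULT_AFTER_LOGOUT):
    """Hardened replacement for unsafe_logout_target."""
    if is_safe_redirect_target(next_param, host):
        return next_param
    return default


if __name__ == "__main__":
    probes = [
        "/dashboard",
        "https://evil.example/",
        "//evil.example/",
        "\\\\evil.example",
        "///evil.example",
        "https://securitymonkey.example@evil.example/",
        "javascript:alert(1)",
        "https://securitymonkey.example/dashboard",
    ]
    for p in probes:
        print(f"{p!r:50} unsafe -> {unsafe_logout_target(p)!r:50} safe -> {safe_logout_target(p)!r}")
```

The comparison host should come from configuration rather than from the request's Host header alone: an application that reflects an arbitrary Host header would otherwise validate the redirect against a value the attacker also controls.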
Permalink: https://github.com/advisories/GHSA-j6jq-3q8p-xgg6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNmpxLTNxOHAteGdnNs4AAbzM
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 month ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-j6jq-3q8p-xgg6, CVE-2017-7266
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-7266
- https://github.com/Netflix/security_monkey/pull/482
- https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
- https://github.com/Netflix/security_monkey/releases/tag/v0.8.0
- https://web.archive.org/web/20201220170714/http://www.securityfocus.com/bid/97088
- https://github.com/advisories/GHSA-j6jq-3q8p-xgg6
Blast Radius: 1.8
Affected Packages
pypi:security_monkey
Dependent packages: 0
Dependent repositories: 2
Downloads: 18 last month
Affected Version Ranges: < 0.8.0
Fixed in: 0.8.0
All affected versions: 0.4.0
All unaffected versions: