Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yY21qLXhwOGYtZjZxNM25SA
Trac Open redirect vulnerability
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
Permalink: https://github.com/advisories/GHSA-rcmj-xp8f-f6q4JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yY21qLXhwOGYtZjZxNM25SA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 15 days ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-rcmj-xp8f-f6q4, CVE-2008-2951
References:
- https://nvd.nist.gov/vuln/detail/CVE-2008-2951
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44043
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html
- http://secunia.com/advisories/31314
- http://trac.edgewall.org/wiki/ChangeLog
- http://www.osvdb.org/46513
- http://www.securityfocus.com/bid/30402
- http://holisticinfosec.org/content/view/72/45
- https://github.com/advisories/GHSA-rcmj-xp8f-f6q4
Affected Packages
pypi:trac
Dependent packages: 0Dependent repositories: 27
Downloads: 2,726 last month
Affected Version Ranges: < 0.10.5
Fixed in: 0.10.5
All affected versions: 0.8.4
All unaffected versions: 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6, 0.12.7, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.17, 1.0.18, 1.0.19, 1.0.20, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.4.1, 1.4.2, 1.4.3, 1.4.4