Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Open Redirect in autobahn

Autobahn|Python before 20.12.3 allows redirect header injection.

Permalink: https://github.com/advisories/GHSA-gwp7-vqr5-h33h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3cDctdnFyNS1oMzNo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: 9 months ago


CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-gwp7-vqr5-h33h, CVE-2020-35678
References: Repository: https://github.com/crossbario/autobahn-python
Blast Radius: 24.0

Affected Packages

pypi:autobahn
Dependent packages: 46
Dependent repositories: 8,630
Downloads: 1,138,518 last month
Affected Version Ranges: < 20.12.3
Fixed in: 20.12.3
All affected versions: 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.10, 0.5.0, 0.5.1, 0.5.2, 0.5.5, 0.5.8, 0.5.9, 0.5.14, 0.6.3, 0.6.4, 0.6.5, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 0.8.15, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.11.0, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.0, 0.14.1, 0.15.0, 0.16.0, 0.16.1, 0.17.0, 0.17.1, 0.17.2, 0.18.0, 0.18.1, 0.18.2, 17.5.1, 17.6.1, 17.6.2, 17.7.1, 17.8.1, 17.9.1, 17.9.2, 17.9.3, 17.10.1, 18.3.1, 18.4.1, 18.5.1, 18.5.2, 18.6.1, 18.7.1, 18.8.1, 18.8.2, 18.9.1, 18.9.2, 18.10.1, 18.11.1, 18.11.2, 18.12.1, 19.1.1, 19.2.1, 19.3.1, 19.3.2, 19.3.3, 19.5.1, 19.6.1, 19.6.2, 19.7.1, 19.7.2, 19.8.1, 19.9.1, 19.9.2, 19.9.3, 19.10.1, 19.11.1, 19.11.2, 20.1.2, 20.1.3, 20.2.1, 20.2.2, 20.3.1, 20.4.1, 20.4.2, 20.4.3, 20.6.1, 20.6.2, 20.7.1, 20.12.1, 20.12.2
All unaffected versions: 20.12.3, 21.1.1, 21.2.1, 21.2.2, 21.3.1, 21.11.1, 22.1.1, 22.2.1, 22.2.2, 22.3.1, 22.3.2, 22.4.1, 22.4.2, 22.5.1, 22.6.1, 22.7.1, 22.12.1, 23.1.1, 23.1.2, 23.6.1, 23.6.2