CVE-2017-7266

Source
https://cve.org/CVERecord?id=CVE-2017-7266
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7266.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7266
Aliases
Published
2017-03-26T05:59:00.273Z
Modified
2026-04-10T04:02:04.126715Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter and then redirected to any domain, irrespective of the Host header.

References

Affected packages

Git / github.com/netflix/security_monkey

Affected ranges

Type
GIT
Repo
https://github.com/netflix/security_monkey
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.0"
        }
    ]
}

Affected versions

0.*
0.3.0
Other
0_1_2_test_1
0_2_0
S3ACLReturnedNoneDisplayName_exception_spelling
add_s3_getbuckettagging_permission
alembic_version_595e27f36454_fails_on_clean_db
configurable_api_server
connect_ses_exception_not_caught
documentation_fixes
exception_with_elbs_missing_PolicyDescriptions_section
issue_117_auditorsettings_never_created
issue_12_deleting_account_foreign_key_constraint
issue_42_elb_pagination_broke_elb_watcher
issue_52_iam_users_missing_pagination
missing_ignorelist_alembic_script
unenforced_field_limits_throw_exceptions
update_quickstart_documentation
upgrade_flask_security
lsv0.*
lsv0.3.4
v0.*
v0.3.4
v0.6.0
v0.7.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7266.json"