CVE-2025-1300

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-1300

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1300.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1300

Aliases

GHSA-g839-x3p3-g5fm

Published

2025-02-28T13:15:27.043Z

Modified

2026-04-10T05:21:06.967974Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.

The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassing the protections against CVE-2021-28861, leading to the same open redirect pathway.

This issue affects CodeChecker: through 6.24.5.

References

https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm

Affected packages

Git / github.com/ericsson/codechecker

Affected ranges

Type

GIT

Repo

https://github.com/ericsson/codechecker

Events

Introduced

Fixed

4ce6544bb734faa69fc00023b1477f416541933a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.24.6"
        }
    ]
}

Affected versions

v4.*

v4.0

v5.*

v5.0

v5.1

v5.10

v5.2

v5.3

v5.4

v5.5

v5.6

v5.7

v5.7.1

v5.8

v5.9

v6.*

v6.0

v6.0.1

v6.1

v6.1.1

v6.10.0

v6.12.0

v6.13.0

v6.14.0

v6.15.0

v6.16.0

v6.17.0

v6.18.0

v6.19.0

v6.2

v6.2.1

v6.20.0

v6.21.0

v6.22.0

v6.23.0

v6.23.0-rc1

v6.24.0

v6.24.1

v6.24.2

v6.24.3

v6.24.4

v6.24.5

v6.3

v6.4

v6.5

v6.5.1

v6.6.0

v6.7.0

v6.7.1

v6.8.0

v6.8.1

v6.9.0

v6.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1300.json"