GHSA-8g9m-vv69-7j99

Source

https://github.com/advisories/GHSA-8g9m-vv69-7j99

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-8g9m-vv69-7j99/GHSA-8g9m-vv69-7j99.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8g9m-vv69-7j99

Aliases

Published

2022-10-10T19:00:18Z

Modified

2024-11-22T20:42:54.261500Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

rdiffweb vulnerable to Open Redirect

Details

A lack of user input validation leads to an open redirect vulnerability in rdiffweb prior to 2.5.0a4.

Database specific

{
    "severity": "MODERATE",
    "nvd_published_at": "2022-10-10T12:15:00Z",
    "github_reviewed_at": "2022-10-10T21:35:54Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-601"
    ]
}

References

Affected packages

PyPI / rdiffweb

Package

Name: rdiffweb; View open source insights on deps.dev
Purl: pkg:pypi/rdiffweb

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.0a4

Affected versions

0.*

0.9.2.dev1

0.9.3

0.9.4

0.9.5

0.10.0

0.10.2

0.10.3

0.10.4

0.10.5

0.10.6

0.10.7

0.10.8

0.10.9

1.*

1.0.0a1

1.0.0a2

1.0.0a3

1.0.0a4

1.0.0

1.0.1

1.0.2

1.0.3

1.1.0

1.2.0

1.2.1

1.2.2

1.3.0

1.3.1b1

1.3.1b2

1.3.1

1.3.2

1.4.0b1

1.4.0b2

1.4.0b3

1.4.0b4

1.4.0b5

1.4.0

1.4.1b1

1.4.1b2

1.4.1b3

1.5.0

1.5.1b1

1.5.1b2

1.6.0b1

2.*

2.0.1b2

2.0.1b3

2.0.2

2.0.3a1

2.0.3a2

2.0.3a3

2.0.3a4

2.0.3a5

2.0.3a6

2.0.3a7

2.1.0

2.2.0.dev1

2.2.0a1

2.2.0a2

2.2.0a3

2.2.0a4

2.2.0a5

2.2.0a6

2.2.0

2.2.1

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8

2.4.9

2.4.10

2.4.11a1

2.4.11