GHSA-rcmj-xp8f-f6q4

Source

https://github.com/advisories/GHSA-rcmj-xp8f-f6q4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rcmj-xp8f-f6q4/GHSA-rcmj-xp8f-f6q4.json

Aliases

CVE-2008-2951
PYSEC-2008-4

Published

2022-05-01T23:55:06Z

Modified

2024-04-22T19:26:37.362297Z

Summary

Trac Open redirect vulnerability

Details

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

References

https://nvd.nist.gov/vuln/detail/CVE-2008-2951
https://exchange.xforce.ibmcloud.com/vulnerabilities/44043
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html
http://holisticinfosec.org/content/view/72/45
http://secunia.com/advisories/31314
http://trac.edgewall.org/wiki/ChangeLog
http://www.osvdb.org/46513
http://www.securityfocus.com/bid/30402

Affected packages

PyPI / trac

Package

Name: trac

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.10.5

Affected versions

0.*

0.8.4

0.9

0.10