PYSEC-2021-18
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/indico/PYSEC-2021-18.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2021-18
- Aliases
- Published
- 2021-04-07T14:15:00Z
- Modified
- 2023-11-08T04:05:45.785370Z
- Summary
- [none]
- Details
-
CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link.
- References
Affected packages
PyPI / indico
Package
- Name
- indico
- View open source insights on deps.dev
- Purl
- pkg:pypi/indico
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.3.4
Affected versions
0.*
0.98-rc1
0.98.0
0.98.1
0.98.2
0.99
1.*
1.0
1.1
1.1.1
1.1.2
1.2
1.2.1rc2
1.2.1rc4
1.2.1rc5
1.2.1rc6
1.2.1rc7
1.2.1rc9
1.2.1rc10
1.2.1rc11
1.2.1
1.2.2rc1
1.2.2
1.9.11.dev3
1.9.11.dev4
1.9.11.dev6
1.9.11.dev7
1.9.11.dev8
1.9.11.dev9
1.9.11.dev10
1.9.11.dev11
1.9.11.dev12
1.9.11.dev13
1.9.11.dev14
1.9.11.dev15
1.9.11.dev16
1.9.11.dev17
2.*
2.0a1
2.0rc1
2.0rc2
2.0
2.0.1
2.0.2
2.0.3
2.1
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.2
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.3
2.3.1
2.3.2
2.3.3