PYSEC-2025-71

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/cadwyn/PYSEC-2025-71.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-71
Aliases
Published
2025-07-21T21:15:25Z
Modified
2025-07-23T16:12:16.996891Z
Summary
[none]
Details

Cadwyn creates production-ready, community-driven, modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to reflected XSS (Cross-Site Scripting). This XSS would notably allow an attacker to execute JavaScript code in a user's session for any application built on Cadwyn via a one-click attack. The vulnerability has been fixed in version 5.4.3.

References

Affected packages

PyPI / cadwyn

Package

Affected ranges

Type
GIT
Repo
https://github.com/zmievsa/cadwyn
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.4.3

Affected versions

0.*
0.1.0
0.2.0
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.3.0
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.1.0rc0
2.1.0rc1
2.1.0
2.2.0
2.3.0rc0
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
3.*
3.0.0
3.0.1
3.0.2
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.2.0
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.4.0.dev0
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.5.0
3.6.0.dev0
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.7.0
3.7.1
3.8.0
3.9.0
3.9.1
3.10.0
3.10.1
3.11.0
3.11.1
3.12.0
3.12.1
3.13.0
3.14.0
3.15.0
3.15.1
3.15.2
3.15.3a1
3.15.3a2
3.15.3
3.15.4
3.15.5
3.15.6
3.15.7
3.15.8
3.15.9
3.15.10
4.*
4.0.0
4.1.0
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.4.5
4.5.0
4.6.0a1
4.6.0
5.*
5.0.0a1
5.0.0
5.1.0a1
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.2.0
5.2.1
5.2.2
5.3.0
5.3.1
5.3.2
5.3.3
5.4.1
5.4.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/cadwyn/PYSEC-2025-71.yaml"