PYSEC-2026-1310

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/docassemble-webapp/PYSEC-2026-1310.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1310
Aliases
Published
2026-07-07T11:45:33.892511Z
Modified
2026-07-07T17:46:38.908044051Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Docassemble open redirect
Details

Impact

It is possible to create a URL that acts as an open redirect.

Patches

The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched.

Workarounds

If upgrading is not possible, manually apply the changes of 4801ac7 and restart the server (e.g., by pressing Save on the Configuration screen).

Credit

The vulnerability was discovered by Riyush Ghimire (@richighimi).

For more information

If you have any questions or comments about this advisory:

References

Affected packages

PyPI / docassemble-webapp

Package

Name
docassemble-webapp
View open source insights on deps.dev
Purl
pkg:pypi/docassemble-webapp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.97

Affected versions

1.*
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26
1.1.27
1.1.28
1.1.29
1.1.30
1.1.31
1.1.32
1.1.33
1.1.34
1.1.35
1.1.36
1.1.37
1.1.38
1.1.39
1.1.40
1.1.41
1.1.42
1.1.43
1.1.44
1.1.45
1.1.46
1.1.47
1.1.48
1.1.49
1.1.50
1.1.51
1.1.52
1.1.53
1.1.54
1.1.55
1.1.56
1.1.57
1.1.58
1.1.59
1.1.60
1.1.61
1.1.62
1.1.63
1.1.64
1.1.65
1.1.66
1.1.67
1.1.68
1.1.69
1.1.70
1.1.71
1.1.72
1.1.73
1.1.74
1.1.75
1.1.76
1.1.77
1.1.78
1.1.79
1.1.80
1.1.81
1.1.82
1.1.83
1.1.84
1.1.85
1.1.86
1.1.87
1.1.88
1.1.89
1.1.90
1.1.91
1.1.92
1.1.93
1.1.94
1.1.95
1.1.96
1.1.97
1.1.98
1.1.99
1.1.100
1.1.101
1.1.102
1.1.103
1.1.104
1.1.105
1.1.106
1.1.107
1.1.108
1.1.109
1.1.110
1.1.111
1.1.112
1.1.113
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.2.19
1.2.20
1.2.21
1.2.22
1.2.23
1.2.24
1.2.25
1.2.26
1.2.27
1.2.28
1.2.29
1.2.30
1.2.31
1.2.32
1.2.33
1.2.34
1.2.35
1.2.36
1.2.37
1.2.38
1.2.39
1.2.40
1.2.41
1.2.42
1.2.43
1.2.44
1.2.45
1.2.46
1.2.47
1.2.48
1.2.49
1.2.50
1.2.51
1.2.52
1.2.53
1.2.54
1.2.55
1.2.56
1.2.57
1.2.58
1.2.59
1.2.60
1.2.61
1.2.62
1.2.63
1.2.64
1.2.65
1.2.66
1.2.67
1.2.68
1.2.69
1.2.70
1.2.71
1.2.72
1.2.73
1.2.74
1.2.75
1.2.76
1.2.77
1.2.78
1.2.79
1.2.80
1.2.81
1.2.82
1.2.83
1.2.84
1.2.85
1.2.86
1.2.87
1.2.88
1.2.89
1.2.90
1.2.91
1.2.92
1.2.93
1.2.94
1.2.95
1.2.96
1.2.97
1.2.98
1.2.99
1.2.100
1.2.101
1.2.102
1.2.103
1.2.104
1.2.105
1.2.106
1.2.107
1.2.108
1.2.109
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.15
1.3.16
1.3.17
1.3.18
1.3.19
1.3.20
1.3.21
1.3.22
1.3.23
1.3.24
1.3.25
1.3.26
1.3.27
1.3.28
1.3.29
1.3.30
1.3.31
1.3.32
1.3.33
1.3.34
1.3.35
1.3.36
1.3.37
1.3.38
1.3.39
1.3.40
1.3.41
1.3.42
1.3.43
1.3.44
1.3.45
1.3.46
1.3.47
1.3.48
1.3.49
1.3.50
1.3.51
1.3.52
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
1.4.38
1.4.39
1.4.40
1.4.41
1.4.42
1.4.43
1.4.44
1.4.45
1.4.46
1.4.47
1.4.48
1.4.49
1.4.50
1.4.51
1.4.52
1.4.53
1.4.54
1.4.55
1.4.56
1.4.57
1.4.58
1.4.59
1.4.60
1.4.61
1.4.62
1.4.63
1.4.64
1.4.65
1.4.66
1.4.67
1.4.68
1.4.69
1.4.70
1.4.71
1.4.72
1.4.73
1.4.74
1.4.75
1.4.76
1.4.77
1.4.78
1.4.79
1.4.80
1.4.81
1.4.82
1.4.83
1.4.84
1.4.85
1.4.86
1.4.87
1.4.88
1.4.89
1.4.90
1.4.91
1.4.92
1.4.93
1.4.94
1.4.95
1.4.96

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/docassemble-webapp/PYSEC-2026-1310.yaml"