PYSEC-2026-919

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/security-monkey/PYSEC-2026-919.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-919
Aliases
Published
2026-07-06T08:03:25.106541Z
Modified
2026-07-07T11:45:22.003708689Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Netflix Security Monkey Open Redirect vulnerability
Details

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.

References

Affected packages

PyPI / security-monkey

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.0

Affected versions

0.*
0.4.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/security-monkey/PYSEC-2026-919.yaml"