Moderate severity · NVD Advisory · Published Sep 11, 2022 · Updated Sep 16, 2024
Open Redirect
CVE-2022-25295
Description
This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract the path and eventually redirect the user to a relative URL, but if the next parameter starts with multiple backslashes, like \\\\\\example.com, the browser will redirect the user to http://example.com.
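The following is an added example, not gophish's code or its patch: it shows why keeping only the parsed path of `next` is not enough, and one way to validate the value before redirecting. The names `pathOnly` and `safeNext` are hypothetical and the inputs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// pathOnly mirrors the pattern in the description: parse "next", keep the path.
// A value made only of backslashes plus a host name has no scheme and no host
// for net/url, so the whole string comes back as the "path".
func pathOnly(next string) string {
	u, err := url.Parse(next)
	if err != nil {
		return "/"
	}
	return u.Path
}

// safeNext (hypothetical helper) returns next only when a browser will resolve
// it as a path on the current origin; otherwise it falls back to "/".
// Query and fragment are dropped.
func safeNext(next string) string {
	u, err := url.Parse(next) // Parse also rejects ASCII control characters
	if err != nil || u.Scheme != "" || u.Host != "" {
		return "/"
	}
	p := u.Path // percent-decoded, so %5C and %2F are covered by the checks below
	if !strings.HasPrefix(p, "/") || strings.HasPrefix(p, "//") {
		return "/"
	}
	// Browsers treat "\" as "/" in http(s) URLs, so "/\host" acts like "//host".
	if strings.Contains(p, `\`) {
		return "/"
	}
	return u.EscapedPath()
}

func main() {
	// Constructed sample inputs.
	inputs := []string{`\\\example.com`, `/\example.com`, "//example.com",
		"///example.com", "/%5Cexample.com", "/campaigns"}
	for _, in := range inputs {
		fmt.Printf("%-20q pathOnly=%-20q safeNext=%q\n", in, pathOnly(in), safeNext(in))
	}
}
```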
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/gophish/gophish (Go) | < 0.12.0 | 0.12.0 |
References
- github.com/advisories/GHSA-hvw3-p9px-gpc9 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-25295 (advisory)
- github.com/gophish/gophish/commit/2a452bda89ffdb85f929fa78290bce1f456881dc (web)
- github.com/gophish/gophish/pull/2262 (web)
- github.com/gophish/gophish/releases/tag/v0.12.0 (web)
- security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177 (web)