CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Description
The web application accepts user-controlled input that specifies a link to an external site and uses that link in a redirect. Because the redirect is issued from a trusted domain, the victim clicks a legitimate-looking URL and lands on an attacker-chosen destination, which simplifies phishing; the same flaw in login or OAuth flows can also leak tokens carried in the redirect.
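A hardened check for a post-login redirect target, as an added example written for this page rather than code from any project in the CVE list below. It assumes a login handler that reads the destination from a query parameter named `next` (the parameter name and the allow-listed hosts are assumptions), and its constructed inputs mirror the bypass shapes the list records: multi-slash and scheme-relative paths (werkzeug, slashify, aiohttp, Next.js), backslash confusion, userinfo and look-alike hosts, and case-folded comparison of registered OAuth redirect URIs (Fosite).

```python
"""Validating a user-supplied redirect target (added example, not
code from any project on this page). Assumes a login handler that
reads the destination from a ``next`` query parameter; the allow-list
below is an assumption for the example."""
from typing import Iterable, Optional, Sequence
from urllib.parse import urlsplit

# Hosts the application may send a browser to (assumed for the example).
ALLOWED_HOSTS = frozenset({"app.example.org", "accounts.example.org"})
DEFAULT_TARGET = "/"


def is_safe_redirect(target: str, allowed_hosts: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """Return True only if ``target`` keeps the browser on an allowed host.

    Each rule closes a known bypass:
    * control characters and backslashes are rejected outright: browsers
      treat '\\' as '/' and drop some whitespace, so a server-side parser
      and the browser can disagree about where the host ends (this also
      covers the '/\\evil' form);
    * a path starting with '//' (any number of slashes) is a
      scheme-relative URL to a browser, even though urlsplit() parses
      it as a bare path with an empty netloc;
    * an absolute URL must be http(s) and its parsed hostname, which
      excludes any 'user@' prefix and port, must match the allow-list
      exactly (no prefix or suffix matching).
    """
    if not target:
        return False
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in target) or "\\" in target:
        return False
    candidate = target.strip()
    if candidate.startswith("//"):
        return False
    parts = urlsplit(candidate)
    if not parts.scheme and not parts.netloc:
        # Site-relative path such as "/dashboard"; a bare "evil.example"
        # is refused so it cannot be glued onto another origin later.
        return candidate.startswith("/")
    if parts.scheme.lower() not in ("http", "https"):
        return False
    host = parts.hostname  # lower-cased, userinfo and port stripped
    return host is not None and host in set(allowed_hosts)


def resolve_next(next_param: Optional[str]) -> str:
    """Pick the post-login destination, falling back to DEFAULT_TARGET."""
    if next_param and is_safe_redirect(next_param):
        return next_param.strip()
    return DEFAULT_TARGET


def redirect_uri_registered(requested: str, registered: Sequence[str]) -> bool:
    """OAuth 2.0 redirect_uri check: simple string comparison (RFC 6749 3.1.2.3).

    Lower-casing both sides before comparing, which is what the Fosite
    entry on this page describes, would let "https://client.example/CB"
    satisfy a registration of "https://client.example/cb" even though
    the path is case-sensitive.
    """
    return requested in registered


# Constructed inputs and the expected decision for each.
CASES = [
    ("/dashboard", True),
    ("https://app.example.org/settings", True),
    ("https://evil.example/", False),
    ("//evil.example/", False),                        # scheme-relative
    ("///example.com/", False),                        # the slashify CVE shape
    ("/\\evil.example", False),                        # browser reads '/\' as '//'
    ("https://app.example.org@evil.example/", False),  # userinfo trick
    ("https://app.example.org.evil.example/", False),  # look-alike host
    ("javascript:alert(1)", False),
    ("evil.example", False),                           # not site-absolute
]


def run_cases(cases=CASES) -> bool:
    """Return True when every constructed case gets the expected verdict."""
    return all(is_safe_redirect(url) == expected for url, expected in cases)


if __name__ == "__main__":
    for url, expected in CASES:
        verdict = "allow" if is_safe_redirect(url) else "deny"
        print(f"{url!r:45} -> {verdict}")
    print("exact match:", redirect_uri_registered(
        "https://client.example/cb", ["https://client.example/cb"]))
    print("case-folded request:", redirect_uri_registered(
        "https://client.example/CB", ["https://client.example/cb"]))
```

The allow-list is compared against the parsed hostname, never against the raw string with `startswith`, which is why the look-alike host and the `user@` form are refused. Django ships an equivalent check as `django.utils.http.url_has_allowed_host_and_scheme`; prefer a framework-provided routine where one exists, and keep the raw-string rejections (control characters, backslash, leading `//`) in front of any parser, because the parser's view of the host is not the browser's.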
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (835)
Page 39 of 42

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-29651 | — | — | 0.00 | — | 0.01 | — | Apr 2, 2021 | Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). |
| CVE-2021-21377 | — | — | 0.00 | — | 0.01 | — | Mar 23, 2021 | OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites.… |
| CVE-2021-21338 | — | — | 0.00 | — | 0.01 | — | Mar 23, 2021 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and… |
| CVE-2021-21337 | — | — | 0.00 | — | 0.08 | — | Mar 8, 2021 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the… |
| CVE-2021-21273 | — | — | 0.00 | — | 0.02 | — | Feb 26, 2021 | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when… |
| CVE-2021-21330 | — | — | 0.00 | — | 0.02 | — | Feb 26, 2021 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a… |
| CVE-2021-3189 | — | — | 0.00 | — | 0.01 | — | Feb 19, 2021 | The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. |
| CVE-2021-22881 | — | — | 0.00 | — | 0.87 | — | Feb 11, 2021 | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users… |
| CVE-2020-10734 | — | — | 0.00 | — | 0.00 | — | Feb 11, 2021 | A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable. |
| CVE-2021-21291 | — | — | 0.00 | — | 0.01 | — | Feb 2, 2021 | OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a… |
| CVE-2020-35678 | — | — | 0.00 | — | 0.01 | — | Dec 27, 2020 | Autobahn\|Python before 20.12.3 allows redirect header injection. |
| CVE-2020-26275 | — | — | 0.00 | — | 0.01 | — | Dec 21, 2020 | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect… |
| CVE-2020-29565 | — | — | 0.00 | — | 0.01 | — | Dec 4, 2020 | An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic… |
| CVE-2020-26232 | — | — | 0.00 | — | 0.01 | — | Nov 24, 2020 | Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably… |
| CVE-2020-26215 | — | — | 0.00 | — | 0.01 | — | Nov 18, 2020 | Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be… |
| CVE-2020-28724 | — | — | 0.00 | — | 0.02 | — | Nov 18, 2020 | Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. |
| CVE-2020-15241 | — | — | 0.00 | — | 0.01 | — | Oct 8, 2020 | TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated… |
| CVE-2020-15242 | — | — | 0.00 | — | 0.01 | — | Oct 8, 2020 | Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for… |
| CVE-2020-15233 | — | — | 0.00 | — | 0.01 | — | Oct 2, 2020 | ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is… |
| CVE-2020-15234 | — | — | 0.00 | — | 0.01 | — | Oct 2, 2020 | ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint were compared using strings.ToLower while they should… |