CVE-2017-7266 – security-monkey
Package
Manager: pip
Name: security-monkey
Vulnerable Version: =0.4.0 || >=0 <0.8.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00244 (percentile: 0.47563)
Details
Netflix Security Monkey Open Redirect vulnerability
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter and then redirected to any domain, irrespective of the Host header.
Metadata
Created: 2022-05-17T02:53:10Z
Modified: 2024-04-10T18:58:56.030392Z
Source: https://osv-vulnerabilities
CWE IDs: ["CWE-601"]
Alternative ID: N/A
Finding: F156
Auto approve: 1