CVE-2017-7266 – security_monkey
Package
Manager: pip
Name: security_monkey
Vulnerable Version: >=0 <0.8.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00244 (percentile 0.47563)
Details
Netflix Security Monkey Open Redirect vulnerability
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter, which then redirected to any domain irrespective of the Host header.
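A check of the kind that closes this class of bug (CWE-601), as an added example that is not Security Monkey's own code or its actual fix: the "next" value is returned only if it stays on the application's own host. The function name, the `allowed_host` parameter, the `/` fallback and the sample hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # assumed fallback landing page after logout


def safe_redirect_target(next_url, allowed_host, default=DEFAULT_TARGET):
    """Return next_url only if it stays on allowed_host, otherwise default.

    allowed_host should be the application's configured hostname
    (hypothetical parameter), not a value taken from the request.
    """
    if not next_url:
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines while parsing a URL,
    # so any of these can hide a host from a naive check. Reject them outright.
    if "\\" in next_url or any(ord(c) < 0x21 or ord(c) == 0x7F for c in next_url):
        return default
    # "//host" and "///host" are resolved by browsers as another origin.
    if next_url.startswith("//"):
        return default
    try:
        parts = urlsplit(next_url)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s) and only an exact match on our own host.
        # Comparing the whole netloc also rejects "ourhost@otherhost" forms.
        if parts.scheme not in ("http", "https"):
            return default
        if parts.netloc.lower() != allowed_host.lower():
            return default
        return next_url
    # Relative URL: accept rooted paths only.
    return next_url if next_url.startswith("/") else default


if __name__ == "__main__":
    host = "monkey.example.com"  # constructed sample hostname
    for candidate in ["/dashboard?tab=1", "https://monkey.example.com/x",
                      "https://other.example/", "//other.example", None]:
        print(repr(candidate), "->", safe_redirect_target(candidate, host))
```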
Metadata
Created: 2022-05-17T02:53:10Z
Modified: 2024-04-08T19:00:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j6jq-3q8p-xgg6/GHSA-j6jq-3q8p-xgg6.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-j6jq-3q8p-xgg6
Finding: F156
Auto approve: 1