Lucene search
GoogleOSV:GHSA-J6JQ-3Q8P-XGG6HistoryMay 17, 2022 - 2:53 a.m.
Netflix Security Monkey Open Redirect vulnerability
2022-05-1702:53:10
Google
osv.dev
8
netflix
security monkey
open redirect
vulnerability
logout
functionality
next parameter
domain
host header
software
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the “next” parameter which then redirects to any domain irrespective of the Host header.
References
github.com/Netflix/security_monkey
github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466
github.com/Netflix/security_monkey/pull/482
github.com/Netflix/security_monkey/releases/tag/v0.8.0
nvd.nist.gov/vuln/detail/CVE-2017-7266
web.archive.org/web/20201220170714/www.securityfocus.com/bid/97088
Related
prion
prion
Open redirect
2017-03-26 05:59:00
github
github
Netflix Security Monkey Open Redirect vulnerability
2022-05-17 02:53:10
osv
osv
CVE-2017-7266
2017-03-26 05:59:00
nvd
nvd
CVE-2017-7266
2017-03-26 05:59:00
cvelist
cvelist
CVE-2017-7266
2017-03-26 05:47:00
cve
cve
CVE-2017-7266
2017-03-26 05:59:00