2 matches found
CVE-2026-55431 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...
PT-2024-29577 · Twisted +4 · Twisted +4
Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 24.7.0rc1 Description: The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL, this vulnerability may result in Reflected...