88 matches found
CVE-2024-42353 WebOb's location header normalization during redirect leads to open redirect
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...
GHSA-MG3V-6M49-JHP3 WebOb's location header normalization during redirect leads to open redirect
Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the start of a string as a URI without a scheme, and th...
academlo (>=0.0.1 <=0.0.3), afterburner (>=0.0.1 <=0.0.2) +140 more potentially affected by CVE-2024-42353 via webob (>=1.2.3 <=1.8.7)
webob PYPI version =1.2.3, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2024-42353 Source advisory: OSV:GHSA-MG3V-6M49-JHP3...
WebOb's location header normalization during redirect leads to open redirect
Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the start of a string as a URI without a scheme, and th...
WebOb Security Vulnerability
WebOb is a WSGI request and response object from Pylons Open Source. A security vulnerability exists in WebOb versions prior to 1.8.8 that stems from the presence of an open redirect...
PT-2024-6608 · Webob +6 · Webob +6
Name of the Vulnerable Software and Affected Versions: WebOb versions prior to 1.8.8 Description: The issue is related to the handling of HTTP Location headers in WebOb, where the urlparse and urljoin functions can be exploited to redirect users to arbitrary URLs. This occurs when the urlparse...
Moderate: Red Hat Security Advisory: openstack-keystone security and bug fix update
Updated openstack-keystone packages that fix one security issue and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Important: Red Hat Security Advisory: python-keystoneclient security, bug fix, and enhancement update
Updated python-keystoneclient packages that fix two security issues, one bug, and add one enhancement are now available for Red Hat OpenStack 3.0 Grizzly Preview. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CV...