2 matches found
blog-coeur (>=0.0.12 <=0.0.19), chat-portal (>=0.1.0 <=0.2.1) +8 more potentially affected by unknown CVE via instagrapi (>=2.0.0 <=2.6.6)
instagrapi PYPI version =2.0.0, =0.0.12, =0.1.0, =0.0.1, =0.1.0, =1.0.0, =1.3.7, =0.1.0, =0.1.0, =2.2.0, =1.0.2, =2.8.50
Source cves: unknown CVE
Source advisory: OSV:GHSA-GGXF-37HM-9WQF...
instagrapi: Unsafe signup challenge path handling in instagrapi
instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intende...