101 matches found
OPENSUSE-SU-2026:21063-1 Security update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve
This update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve fixes the following issues: Changes in python-Markdown: - Fix tests with latest python version bsc1268243 Changes in python-joblib: - Update to 1.5.2:...
SUSE-SU-2026:22370-1 Security update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve
This update for python-Markdown, python-joblib, python-handy-archives, python-apache-libcloud, python-WebOb, python-PyGithub, python-soupsieve fixes the following issues: Changes in python-Markdown: - Fix tests with latest python version bsc1268243 Changes in python-joblib: - Update to 1.5.2:...
CVE-2026-44889
A flaw was found in WebOb, a library for HTTP requests and responses. A remote attacker could exploit this vulnerability by influencing the HTTP Location header during a redirect. Due to improper normalization of the Location header, specifically how certain ASCII characters are handled, an...
Linux Distros Unpatched Vulnerability : CVE-2026-44889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an ope...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect in the normalization of the HTTP Location header during redirects. An attacker can redirect users to an arbitrary external site by supplying specially crafted input containing ASCII tab, carriage return, or newline...
DEBIAN-CVE-2026-44889
WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...
CVE-2026-44889
WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...
UBUNTU-CVE-2026-44889
WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...
CVE-2026-44889 WebOb: Location header normalization during redirect leads to open redirect
WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...
CVE-2026-44889
WebOb (HTTP request/response utilities) is affected prior to version 1.8.10 by an open redirect in Location header normalization during redirects. The vulnerability arises from how WebOb uses urljoin/urlsplit to combine the redirect target with the request URL; since Python 3.10, urlsplit strips ...
CVE-2026-44889
WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...
CVE-2026-44889 WebOb: Location header normalization during redirect leads to open redirect
WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...
OPENSUSE-SU-2026:11041-1 python-WebOb-doc-1.8.10-1.1 on GA media
These are all security issues fixed in the python-WebOb-doc-1.8.10-1.1 package on the GA media of openSUSE Tumbleweed...
OESA-2026-2679 python-webob security update
WebOb provides wrappers around the WSGI request environment, and an object to help create WSGI responses. The objects map much of the specified behavior of HTTP, including header parsing and accessors for other standard parts of the environment. Security Fixes: Impact When WebOb normalizes the HT...
curryproxy (=2.1.1), firefly-python (>=0.1.0 <=0.1.10) +15 more potentially affected by CVE-2026-44889 via webob (>=1.2.3 <=1.7.4)
webob PYPI version =1.2.3, =0.1.0, =3.0.21, =1.3.2, =0.6.12, =0.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =5.52.0rc1, =6.0.1 and more Source cves: CVE-2026-44889 Source advisory: OSV:GHSA-FH3H-VG37-CC95...
GHSA-FH3H-VG37-CC95 WebOb: Location header normalization during redirect leads to open redirect - again
Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urllib.parse, and joining it to the base URL. urlsplit called internally by urljoin however treats a // at the start of a string ...
WebOb: Location header normalization during redirect leads to open redirect - again
Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urllib.parse, and joining it to the base URL. urlsplit called internally by urljoin however treats a // at the start of a string ...
PT-2026-46304
Name of the Vulnerable Software and Affected Versions WebOb versions prior to 1.8.10 Description An open redirect occurs when the software normalizes the HTTP Location header to include the request hostname. The process involves parsing the redirect URL using Python's urllib.parse and joining it ...
RHCOS 9 : OpenShift Container Platform 4.16.14 (RHSA-2024:6827)
The remote Red Hat Enterprise Linux CoreOS 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6827 advisory. - webob: WebOb's location header normalization during redirect leads to open redirect CVE-2024-42353 Note that Nessus has not tested for this...
Astra Linux – Vulnerability in python-webob
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user will be redirected to using Python’s urlparse function, and joining that parsed URL to the base URL. However, the...