9 matches found
EUVD-2024-0201
Malicious code in bioql PyPI...
Medium: python-webob
Issue Overview: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treat...
RHEL 9 : RHOSP 17.1.4 (python-webob) (RHSA-2024:9983)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9983 advisory. WebOb provides wrappers around the WSGI request environment, and an object to help create WSGI responses. The objects map much of the specified...
webob: WebOb's location header normalization during redirect leads to open redirect
A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...
webob: WebOb's location header normalization during redirect leads to open redirect
A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : WebOb vulnerability (USN-6984-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6984-1 advisory. It was discovered that WebOb incorrectly handled certain URLs. An attacker could possibly use this issue to control a redirect or forward ...
academlo (>=0.0.1 <=0.0.3), afterburner (>=0.0.1 <=0.0.2) +140 more potentially affected by CVE-2024-42353 via webob (>=1.2.3 <=1.8.7)
webob PYPI version =1.2.3, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2024-42353 Source advisory: OSV:PYSEC-2024-188...
AZL-47826 CVE-2024-42353 affecting package python-webob for versions less than 1.8.8-1
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...
PT-2024-6608 · Webob +6
Name of the Vulnerable Software and Affected Versions: WebOb versions prior to 1.8.8 Description: The issue is related to the handling of HTTP Location headers in WebOb, where the urlparse and urljoin functions can be exploited to redirect users to arbitrary URLs. This occurs when the urlparse...