2 matches found
CVE-2024-42353
CVE-2024-42353 affects the Python WebOb library. The issue arises when WebOb normalizes the HTTP Location header by joining a user-provided redirect URL to the base URL using Python’s urlparse/urljoin; if the redirect starts with ‘//’, urlparse treats the next segment as a hostname, causing urljo...
CVE-2026-44889
WebOb (HTTP request/response utilities) is affected prior to version 1.8.10 by an open redirect in Location header normalization during redirects. The vulnerability arises from how WebOb uses urljoin/urlsplit to combine the redirect target with the request URL; since Python 3.10, urlsplit strips ...