← voltar
CVE-2017-7266

CVE-2017-7266

EPSS 1.0%
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466https://github.com/Netflix/security_monkey/pull/482https://github.com/Netflix/security_monkey/releases/tag/v0.8.0http://www.securityfocus.com/bid/97088