MEDIUM 6.1
PYSEC-2026-631
Open Redirect in django-spirit
상세
django-spirit prior to version 0.12.3 is vulnerable to open redirect. In the /user/login endpoint, it doesn't check the value of the next parameter when the user is logged in and passes it directly to redirect which result to open redirect. This also affects /user/logout, /user/register, /user/login, /user/resend-activation.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2022-0869 [ADVISORY]
- https://github.com/nitely/spirit/commit/8f32f89654d6c30d56e0dd167059d32146fb32ef [WEB]
- https://github.com/nitely/spirit [PACKAGE]
- https://huntr.dev/bounties/ed335a88-f68c-4e4d-ac85-f29a51b03342 [WEB]
- https://pypi.org/project/django-spirit [PACKAGE]
- https://github.com/advisories/GHSA-5p9j-w2wx-qx4c [ADVISORY]