CVE-2017-7266
Netflix Security Monkey Open Redirect vulnerability
6.1
MEDIUM
CVSS 3.1
EPSS 0.27%
Description
Netflix Security Monkey before 0.8.0 has an open redirect: the logout endpoint accepts a "next" parameter and redirects to whatever URL it contains, on any domain, without checking it against the Host header.
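The defensive check that this class of bug is missing is a validator that only allows the "next" target if it stays on the serving host. The following is an added example, not Security Monkey's own code; the `is_safe_redirect` and `safe_next` names and the `monkey.example` host are assumed for illustration, and `request_host` stands for the value a web framework exposes as the request's Host (Flask's `request.host`).

```python
from urllib.parse import urlparse


def is_safe_redirect(target: str, request_host: str) -> bool:
    """Return True only if `target` stays on `request_host`.

    Accepts absolute paths ("/dashboard") and full http(s) URLs whose
    authority equals the request's Host; rejects everything else.
    """
    if not target:
        return False
    # Browsers treat "\" like "/" in the authority, so "/\other.example"
    # would leave the site; control characters can smuggle a second URL.
    if "\\" in target or any(ord(c) < 0x21 for c in target):
        return False
    # Protocol-relative targets ("//other.example", "///other.example")
    # resolve to a foreign host even though urlparse may show no netloc.
    if target.startswith("//"):
        return False
    parsed = urlparse(target)
    # Only http(s) schemes may carry an authority; "javascript:", "data:"
    # and friends are never valid redirect targets.
    if parsed.scheme and parsed.scheme not in ("http", "https"):
        return False
    # Authority present: it must match the Host we are serving exactly
    # (including any port and excluding userinfo tricks like "a@b").
    if parsed.netloc:
        return parsed.netloc.lower() == request_host.lower()
    # No authority: require an absolute path on this site.
    return target.startswith("/") and not parsed.scheme


def safe_next(target: str, request_host: str, fallback: str = "/") -> str:
    """Resolve the post-logout destination, falling back when unsafe."""
    return target if is_safe_redirect(target, request_host) else fallback


if __name__ == "__main__":
    host = "monkey.example"  # constructed sample Host value
    for candidate in ["/dashboard", "//other.example/", "https://monkey.example/x"]:
        print(candidate, "->", safe_next(candidate, host))
```

The same check applies to any "next"/"return_to" style parameter, not only the logout path named in this advisory.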
How to fix CVE-2017-7266
To remediate CVE-2017-7266, upgrade the affected package to a fixed version below.
- PyPI / security-monkey: upgrade to 0.8.0 or later
Is CVE-2017-7266 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- security-monkey (PyPI): from 0, < 0.8.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.1) | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |