CVE-2022-4589 — Terms and Conditions Module vulnerable to Open Redirect

描述

A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.10 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.11 can address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175.

如何修補 CVE-2022-4589

要修補 CVE-2022-4589,請將受影響套件升級到下列已修補版本。

—升級至 2.0.11 或更新版本

CVE-2022-4589 正在被利用嗎?

低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。

受影響套件(1)

from 0, < 2.0.11

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-4589
PATCHgithub.com/cyface/django-termsandconditions
WEBgithub.com/cyface/django-termsandconditions/commit/03396a1c2e0af95e12a45c5faef7e47a4b513e1a
WEBgithub.com/cyface/django-termsandconditions/pull/239