CVE-2026-33885
MEDIUM6.1EPSS 0.05%Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential
發布日:2026/3/26修改日:2026/3/27
描述
### Impact The external URL detection used for redirect validation on unauthenticated endpoints could be bypassed, allowing users to be redirected to external URLs after actions like form submissions and authentication flows. ### Patches This has been fixed in 5.73.16 and 6.7.2.
受影響套件(1)
- Packagist/statamic/cmsfrom 0, < 5.73.16
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |