webob@0.9.8 vulnerabilities

WSGI request and response object

Direct Vulnerabilities

Known vulnerabilities in the webob package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
URL Redirection to Untrusted Site ('Open Redirect')

Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') via the normalization process of the HTTP Location header due to improper input parsing in the _make_location_absolute function. An attacker can redirect users to an attacker-controlled website by manipulating the URL input that lacks a scheme but starts with //, which leads the server to treat the subsequent string as the hostname, replacing the original intended destination.

How to fix URL Redirection to Untrusted Site ('Open Redirect')?

Upgrade WebOb to version 1.8.8 or higher.

[,1.8.8)
  • M
HTTP Response Splitting

webob is a WSGI request and response object.

Affected versions of this package are vulnerable to HTTP Response Splitting attacks. It is possible to set arbitrary headers in the HTTP response by embedding a \r or \n character in the header value, and sending it to the server.

[,1.6.0a0)