Homepage
About Snyk

webob@1.6.2 vulnerabilities

WSGI request and response object

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the webob package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
URL Redirection to Untrusted Site ('Open Redirect')

Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') via the normalization process of the HTTP Location header due to improper input parsing in the _make_location_absolute function. An attacker can redirect users to an attacker-controlled website by manipulating the URL input that lacks a scheme but starts with //, which leads the server to treat the subsequent string as the hostname, replacing the original intended destination.

How to fix URL Redirection to Untrusted Site ('Open Redirect')?

Upgrade WebOb to version 1.8.8 or higher.

[,1.8.8)
Go back to all versions of this package