Open Redirect Affecting django-embed-video package, versions [,0.3)


Severity

0.0
medium
0
10

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-DJANGOEMBEDVIDEO-40650
  • published 14 Sep 2017
  • disclosed 12 Aug 2013
  • credit Unknown

Introduced: 12 Aug 2013

CVE NOT AVAILABLE CWE-601 Open this link in a new tab

Overview

django-embed-video is for easy embeding YouTube and Vimeo videos and music fromSoundCloud.

Affected versions of this package are vulnerable to Open Redirect attacks due to no detection of faked urls.

References

CVSS Scores

version 3.1
Expand this section

Snyk

5.3 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    Low
  • Availability (A)
    None