The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Upgrade WebOb to version 1.8.8 or higher.
Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') via the normalization process of the HTTP Location header due to improper input parsing in the _make_location_absolute function.
An attacker can redirect users to an attacker-controlled website by manipulating the URL input that lacks a scheme but starts with //, which leads the server to treat the subsequent string as the hostname, replacing the original intended destination.
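The parsing behaviour described above, and one way to neutralize it, as an added example that is not WebOb's own code. The function names, the sample URLs and the percent-encoding approach are assumptions made for illustration; the model is a simplified stand-in for a Location normalizer that joins scheme-less values onto the request URL.

```python
import re
from urllib.parse import urljoin, urlsplit

# Matches a leading URI scheme such as "http:" or "https:".
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*:", re.I)

def naive_absolute(request_url, location):
    """Simplified model of the flawed normalization (hypothetical helper):
    a Location value without a scheme is joined onto the request URL."""
    if SCHEME_RE.match(location):
        return location
    return urljoin(request_url, location)

def hardened_absolute(request_url, location):
    """Same normalization, but a leading '//' is percent-encoded first so it
    is parsed as a path, not as a network-path reference (RFC 3986, 4.2)."""
    if SCHEME_RE.match(location):
        return location  # absolute URLs pass through unchanged in this model
    if location.startswith("//"):
        location = "/%2f" + location[2:]
    return urljoin(request_url, location)

def host_of(url):
    """Host the browser would contact for this URL."""
    return urlsplit(url).hostname

# Constructed sample input: one request URL and three Location values.
REQUEST_URL = "http://app.example/login"
LOCATIONS = ["/dashboard", "next?step=2", "//other.example/landing"]

def report():
    """Return (location, host after naive join, host after hardened join)."""
    return [
        (loc,
         host_of(naive_absolute(REQUEST_URL, loc)),
         host_of(hardened_absolute(REQUEST_URL, loc)))
        for loc in LOCATIONS
    ]

if __name__ == "__main__":
    for loc, naive_host, hardened_host in report():
        print(f"{loc!r:28} naive -> {naive_host:16} hardened -> {hardened_host}")
```

Only the value starting with // changes host under the naive join; the other two stay on the request's host in both versions.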