CVE-2022-4589

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-4589

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4589.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-4589

Aliases

GHSA-6rmf-cv6p-4h27

Published

2022-12-17T13:15:09Z

Modified

2025-01-08T14:28:34.552658Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175.

References

Affected packages

Git / github.com/cyface/django-termsandconditions

Affected ranges

Type: GIT
Repo: https://github.com/cyface/django-termsandconditions
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

03396a1c2e0af95e12a45c5faef7e47a4b513e1a

Fixed

03396a1c2e0af95e12a45c5faef7e47a4b513e1a

Affected versions

1.*

1.2.14

V1.*

V1.2.15

v.*

v.1.2.6

v1.*

v1.1.15

v1.1.7

v1.1.8

v1.1.9

v1.2

v1.2.1

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.7

v1.2.8

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.8

v2.0.9