macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.
References
Link | Resource |
---|---|
https://github.com/go-macaron/macaron/issues/198 | Exploit Third Party Advisory |
https://github.com/go-macaron/macaron/releases/tag/v1.3.7 | Release Notes Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QEUOHRC4EN4WZ66EVFML2UCV7ZQ63XZ/ |
Configurations
History
07 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Oct 2022, 23:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QEUOHRC4EN4WZ66EVFML2UCV7ZQ63XZ/ - Mailing List, Third Party Advisory | |
First Time |
Fedoraproject
Fedoraproject fedora |
01 Jan 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-05-05 22:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-12666
Mitre link : CVE-2020-12666
CVE.ORG link : CVE-2020-12666
JSON object : View
Products Affected
fedoraproject
- fedora
go-macaron
- macaron
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')