CVE-2021-21337: URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
(updated )
What kind of vulnerability is it? Who is impacted?
Open redirect vulnerability - a maliciously crafted link to the login form and login functionality could redirect the browser to a different website.
References
- github.com/advisories/GHSA-p44j-xrqg-4xrr
- github.com/pypa/advisory-database/tree/main/vulns/products-pluggableauthservice/PYSEC-2021-45.yaml
- github.com/zopefoundation/Products.PluggableAuthService
- github.com/zopefoundation/Products.PluggableAuthService/commit/7eead067898852ebd3e0f143bc51295928528dfa
- github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr
- nvd.nist.gov/vuln/detail/CVE-2021-21337
- pypi.org/project/Products.PluggableAuthService
Code Behaviors & Features
Detect and mitigate CVE-2021-21337 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →