CVE-2017-7266: URL Redirection to Untrusted Site (Open Redirect)

March 26, 2017 (updated March 29, 2017)

Netflix Security Monkey has an Open Redirect. The logout functionality accepted the “next” parameter which then redirects to any domain irrespective of the Host header.

References

nvd.nist.gov/vuln/detail/CVE-2017-7266

Code Behaviors & Features

Detect and mitigate CVE-2017-7266 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →