CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7266
https://notcve.org/view.php?id=CVE-2017-7266
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header. Netflix Security Monkey en versiones anteriores a 0.8.0 tiene un Open Redirect. La funcionalidad de cierre de sesión aceptó el parámetro "next" que entonces redirige a cualquier dominio independientemente del encabezado del Host. • http://www.securityfocus.com/bid/97088 https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466 https://github.com/Netflix/security_monkey/pull/482 https://github.com/Netflix/security_monkey/releases/tag/v0.8.0 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •