What is CVE-2024-42353?

CVE-2024-42353 is a medium-severity vulnerability in Pylons Webob, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.1/10. Published 2024-08-14.

How severe is CVE-2024-42353?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Is CVE-2024-42353 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Open Redirect in Pylons Webob

CVE-2024-42353

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining…

Vulnerability class: Open Redirect

EPSS: 0.005 (38.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Pylons Webob — versions <= 1.8.7
Pylonsproject Webob

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

Public proof-of-concept exploits

haiyen11231/automation-tool-for-patch-backporting

References

security-advisories@github.com (x_refsource_CONFIRM, Exploit, Vendor Advisory)
security-advisories@github.com (Patch, x_refsource_MISC)

Frequently asked questions

What is CVE-2024-42353?: CVE-2024-42353 is a medium-severity vulnerability in Pylons Webob, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.1/10. Published 2024-08-14.
How severe is CVE-2024-42353?: Medium severity. CVSS v3 base score is 6.1 out of 10.
Is CVE-2024-42353 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.