CVE-2022-0869
Open Redirect in django-spirit
6.1
MEDIUM
CVSS 3.1
EPSS 7.6%
Description
django-spirit prior to version 0.12.3 is vulnerable to open redirect. In the /user/login endpoint, it doesn't check the value of the next parameter when the user is logged in and passes it directly to redirect which result to open redirect. This also affects /user/logout, /user/register, /user/login, /user/resend-activation.
How to fix CVE-2022-0869
To remediate CVE-2022-0869, upgrade the affected package to a fixed version below.
- —upgrade to 0.12.3 or later
Is CVE-2022-0869 being exploited?
Moderate — EPSS is 7.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 0.12.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |