Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Redirect
Vulnerability Description
This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Gophish 输入验证错误漏洞
Vulnerability Description
Gophish是一款开源的网络钓鱼框架。 Gophish 0.12.0之前版本存在安全漏洞,攻击者利用该漏洞可将用户重定向到相对url。
CVSS Information
N/A
Vulnerability Type
N/A