Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open redirect endpoint in Datasette
Vulnerability Description
Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs.
CVSS Information
N/A
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Datasette 输入验证错误漏洞
Vulnerability Description
Datasette是Simon Willison个人开发者的应用软件用于探索和发布数据的开源多功能工具 Datasette 0.65.1及之前版本和1.0a0版本至1.0a19版本存在输入验证错误漏洞,该漏洞源于路径处理不当,可能导致开放重定向攻击。
CVSS Information
N/A
Vulnerability Type
N/A