Vulnerability	Vulnerable Version
M URL Redirection to Untrusted Site ('Open Redirect') Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') via the normalization process of the HTTP Location header due to improper input parsing in the `_make_location_absolute` function. An attacker can redirect users to an attacker-controlled website by manipulating the URL input that lacks a scheme but starts with `//`, which leads the server to treat the subsequent string as the hostname, replacing the original intended destination. How to fix URL Redirection to Untrusted Site ('Open Redirect')? Upgrade `WebOb` to version 1.8.8 or higher.	[,1.8.8)
M HTTP Response Splitting `webob` is a WSGI request and response object. Affected versions of this package are vulnerable to HTTP Response Splitting attacks. It is possible to set arbitrary headers in the HTTP response by embedding a \r or \n character in the header value, and sending it to the server.	[,1.6.0a0)

URL Redirection to Untrusted Site ('Open Redirect')

Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') via the normalization process of the HTTP Location header due to improper input parsing in the _make_location_absolute function. An attacker can redirect users to an attacker-controlled website by manipulating the URL input that lacks a scheme but starts with //, which leads the server to treat the subsequent string as the hostname, replacing the original intended destination.

How to fix URL Redirection to Untrusted Site ('Open Redirect')?

Upgrade WebOb to version 1.8.8 or higher.

[,1.8.8)

HTTP Response Splitting

webob is a WSGI request and response object.

Affected versions of this package are vulnerable to HTTP Response Splitting attacks. It is possible to set arbitrary headers in the HTTP response by embedding a \r or \n character in the header value, and sending it to the server.

[,1.6.0a0)

Go back to all versions of this package