6.1

CVE-2020-36627

EPSS 0.07%
Published 25.12.2022 11:15:10
Last modified 21.11.2024 05:29:55
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 is able to address this issue. The name of the patch is 329b0c4844cc16a5a253c011b55180598e707735. It is recommended to upgrade the affected component. The identifier VDB-216745 was assigned to this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Go-macaron ≫ I18n SwPlatformmacaron Version < 0.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.22

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	5.5	2.1	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735

Patch

Third Party Advisory

https://github.com/go-macaron/i18n/releases/tag/v0.5.0

Third Party Advisory

Release Notes

https://vuldb.com/?id.216745

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-36627

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-36627

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-36627

EUVD