PT-2025-45782 · Pypi · Datasette

Publicado

2025-11-06

·

Atualizado

2025-11-06

CVSS v4.0

2.7

Baixa

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

Impact

Deployed instances of Datasette prior to 0.65.2 and 1.0a21 include an open redirect vulnerability.
Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar.

Patches

This problem has been patched in both Datasette 0.65.2 and 1.0a21.

Workarounds

If Datasette is running behind a proxy that proxy could be configured to replace // with / in incoming request URLs.

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

GHSA-W832-GG5G-X44M

Produtos afetados

Datasette