CVE-2020-12666

Name of the Vulnerable Software and Affected Versions macaron versions prior to 1.3.7

Description The issue is related to an open redirect in the static handler due to improper request sanitization. This allows a specifically crafted URL to cause the static file handler to redirect to an attacker-chosen URL, enabling open redirect attacks. An example of such a URL is http://127.0.0.1:4000//example.com/.

Recommendations For versions prior to 1.3.7, update to version 1.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the static handler to minimize the risk of exploitation. Avoid using crafted URLs that could trigger the open redirect until the issue is resolved.