FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_auth_mellon -- Redirect URL validation bypass

Affected packages
mod_auth_mellon < 0.18.0

Details

VuXML ID 7bba5b3b-1b7f-11ec-b335-d4c9ef517024
Discovery 2021-07-30
Entry 2021-09-22

Jakub Hrozek reports:

Version 0.17.0 and older of mod_auth_mellon allows the redirect URL validation to be bypassed by specifying a URL formatted as ///fishing-site.example.com/logout.html
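An added example, not part of the advisory and not mod_auth_mellon's code: an RFC 3986-style split of a `///host/path` reference yields an empty authority, while browsers following the WHATWG URL rules skip the extra slashes and navigate to `host`, so a check that only asks "is the host empty?" accepts it. The function names and the weak check are hypothetical and constructed for illustration; `strict_redirect_ok` is one way to accept only same-site paths.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical RFC 3986-style split: copy the authority ("host") of a
 * scheme-less reference into out. "//a/b" -> "a", "///a/b" -> "", "/a" -> "". */
static void rfc3986_authority(const char *url, char *out, size_t outlen)
{
    out[0] = '\0';
    if (strncmp(url, "//", 2) != 0)
        return;                          /* no authority component */
    size_t n = strcspn(url + 2, "/?#");  /* authority ends at /, ? or # */
    if (n >= outlen)
        n = outlen - 1;
    memcpy(out, url + 2, n);
    out[n] = '\0';
}

/* Weak check (constructed for illustration): treat the target as local
 * when it has no scheme and the parsed host is empty. */
bool naive_redirect_ok(const char *url)
{
    char host[256];
    if (strstr(url, "://") != NULL)
        return false;                    /* absolute URL: not handled here */
    rfc3986_authority(url, host, sizeof host);
    return host[0] == '\0';              /* "///host/x" has an empty host */
}

/* Stricter check: exactly one leading '/', and no backslashes or control
 * bytes, which browsers may normalise into slashes or drop. */
bool strict_redirect_ok(const char *url)
{
    if (url[0] != '/' || url[1] == '/' || url[1] == '\\')
        return false;                    /* rejects "//host" and "///host" */
    for (const unsigned char *p = (const unsigned char *)url; *p; p++)
        if (*p < 0x20 || *p == 0x7f || *p == '\\')
            return false;
    return true;
}

int main(void)
{
    const char *u = "///fishing-site.example.com/logout.html"; /* from the advisory */
    printf("naive=%d strict=%d\n", naive_redirect_ok(u), strict_redirect_ok(u));
    return 0;
}
```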

References

CVE Name CVE-2019-13038
URL https://github.com/latchset/mod_auth_mellon/releases/tag/v0.18.0