{"id":"CVE-2017-7266","details":"Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted a \"next\" parameter and then redirected to any domain, irrespective of the Host header.","aliases":["GHSA-j6jq-3q8p-xgg6"],"modified":"2026-02-19T07:16:43.162901Z","published":"2017-03-26T05:59:00.273Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/97088"},{"type":"ADVISORY","url":"https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466"},{"type":"ADVISORY","url":"https://github.com/Netflix/security_monkey/pull/482"},{"type":"ADVISORY","url":"https://github.com/Netflix/security_monkey/releases/tag/v0.8.0"},{"type":"FIX","url":"https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/netflix/security_monkey","events":[{"introduced":"0"},{"last_affected":"eefef7a8e4e8bd7ef1f427b97a28f58a404caa1d"}]}],"versions":["0.3.0","0_1_2_test_1","0_2_0","S3ACLReturnedNoneDisplayName_exception_spelling","add_ELBSecurityPolicy-2015-05_issue_154","add_s3_getbuckettagging_permission","alembic_version_595e27f36454_fails_on_clean_db","cascade_account_deletes","configurable_api_server","connect_ses_exception_not_caught","documentation_fixes","exception_with_elbs_missing_PolicyDescriptions_section","issue_117_auditorsettings_never_created","issue_12_deleting_account_foreign_key_constraint","issue_156_configurable_threadcount","issue_329_watcher_exception","issue_331_ssl_watcher_fails_on_elliptic_curve","issue_42_elb_pagination_broke_elb_watcher","issue_52_iam_users_missing_pagination","issue_98_iamgroup_watcher_missing_boto_markers","lsv0.3.4","managed_policies_python_scoping_issue_149","missing_ignorelist_alembic_script","quickstart_manage_amazon_accounts_fix","sns_name_overflow_issue_152","unenforced_field_limits_throw_exceptions","update_quickstart_documentation","upgrade_cryptography_1.3.1","upgrade_flask_security","v0.3.4","v0.3.5","v0.3.8","v0.3.9","v0.4.0","v0.4.1","v0.5.0","v0.6.0","v0.7.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7266.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}