{"id":"CVE-2019-6035","details":"Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.","aliases":["GHSA-9hg5-7hwc-v434"],"modified":"2026-04-11T20:26:30.887429Z","published":"2019-12-26T16:15:12.967Z","references":[{"type":"ADVISORY","url":"http://jvn.jp/en/jp/JVN57070811/index.html"},{"type":"FIX","url":"https://github.com/yahoo/athenz/pull/700"},{"type":"PACKAGE","url":"https://github.com/yahoo/athenz"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/AthenZ/athenz","events":[{"introduced":"0"},{"last_affected":"338bf6f92ac6e60734a37c319f8328e1fd6d965c"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:yahoo:athenz:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.8.24"}]}}],"versions":["v1.0","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v1.7.0","v1.7.1","v1.7.10","v1.7.11","v1.7.12","v1.7.13","v1.7.14","v1.7.15","v1.7.16","v1.7.17","v1.7.18","v1.7.19","v1.7.2","v1.7.20","v1.7.21","v1.7.22","v1.7.23","v1.7.24","v1.7.25","v1.7.26","v1.7.27","v1.7.28","v1.7.29","v1.7.3","v1.7.30","v1.7.31","v1.7.32","v1.7.33","v1.7.34","v1.7.35","v1.7.36","v1.7.37","v1.7.38","v1.7.39","v1.7.4","v1.7.40","v1.7.41","v1.7.42","v1.7.43","v1.7.44","v1.7.45","v1.7.46","v1.7.47","v1.7.48","v1.7.5","v1.7.50","v1.7.51","v1.7.52","v1.7.53","v1.7.54","v1.7.55","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v1.8.1","v1.8.10","v1.8.11","v1.8.12","v1.8.13","v1.8.14","v1.8.15","v1.8.16","v1.8.17","v1.8.18","v1.8.19","v1.8.2","v1.8.20","v1.8.21","v1.8.22","v1.8.23","v1.8.24","v1.8.3","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.8.8","v1.8.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6035.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}