{"id":"CVE-2020-28724","details":"Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.","aliases":["GHSA-3p3h-qghp-hvh2","PYSEC-2020-157"],"modified":"2026-05-30T16:35:32.263410Z","published":"2020-11-18T15:15:12.990Z","references":[{"type":"REPORT","url":"https://github.com/pallets/flask/issues/1639"},{"type":"REPORT","url":"https://github.com/pallets/werkzeug/issues/822"},{"type":"FIX","url":"https://github.com/pallets/werkzeug/pull/890/files"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pallets/werkzeug","events":[{"introduced":"0"},{"fixed":"e6d0e510738952788fdd01bbfe5dfb2d8cff0ba4"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"0.11.6"}],"cpe":"cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["0.11.5","0.11.4","0.11.3","0.11.2","0.11.1","0.11","0.10","0.9","0.8","0.7","0.6.2","0.6.1","0.6","0.4.1","0.4","0.3","0.2","0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28724.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}