Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/56735?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56735?format=api", "vulnerability_id": "VCID-gyx5-u4sy-syge", "summary": "CodeChecker open redirect when URL contains multiple slashes after the product name\nSummary\n---\n\nCodeChecker versions up to 6.24.5 contain an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL's path segment. This results in bypassing protections against CVE-2021-28861, leading to the same open redirect pathway.\n\nDetails\n---\n\nCodeChecker processes GET requests by first rewriting the path segment of the URL, and then passing the rewritten URL to the webserver framework.\nWhen trimming the product name from the URL, no sanitization was performed on the remaining URL, which reintroduced the same issue as CVE-2021-28861, leading to the same open redirect pathway using URLs such as `/Default//attacker.com/%2f..`.\n\nImpact\n---\n\nThe vulnerability allows an attacker to create a hyperlink that looks like a legitimate CodeChecker URL, but redirects to an attacker-supplied website when clicked.", "aliases": [ { "alias": "CVE-2025-1300" }, { "alias": "GHSA-g839-x3p3-g5fm" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41778?format=api", "purl": "pkg:pypi/codechecker@6.16.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-ckmm-q8cj-8ba2" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.16.0a1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41779?format=api", "purl": "pkg:pypi/codechecker@6.16.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-ckmm-q8cj-8ba2" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.16.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/41780?format=api", "purl": "pkg:pypi/codechecker@6.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-ckmm-q8cj-8ba2" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.17.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/41781?format=api", "purl": "pkg:pypi/codechecker@6.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-ckmm-q8cj-8ba2" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/41782?format=api", "purl": "pkg:pypi/codechecker@6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-ckmm-q8cj-8ba2" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41783?format=api", "purl": "pkg:pypi/codechecker@6.18.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.18.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/41784?format=api", "purl": "pkg:pypi/codechecker@6.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.19.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/41785?format=api", "purl": "pkg:pypi/codechecker@6.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.19.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41786?format=api", "purl": "pkg:pypi/codechecker@6.20.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.20.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41787?format=api", "purl": "pkg:pypi/codechecker@6.20.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.20.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/41788?format=api", "purl": "pkg:pypi/codechecker@6.21.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.21.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41789?format=api", "purl": "pkg:pypi/codechecker@6.21.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.21.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/41790?format=api", "purl": "pkg:pypi/codechecker@6.22.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41791?format=api", "purl": "pkg:pypi/codechecker@6.22.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/41792?format=api", "purl": "pkg:pypi/codechecker@6.22.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41793?format=api", "purl": "pkg:pypi/codechecker@6.22.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/41794?format=api", "purl": "pkg:pypi/codechecker@6.22.2.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.22.2.post1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41795?format=api", "purl": "pkg:pypi/codechecker@6.23.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-dxb5-cwgk-6uhg" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.23.0rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/41796?format=api", "purl": "pkg:pypi/codechecker@6.23.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.23.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43802?format=api", "purl": "pkg:pypi/codechecker@6.23.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.23.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/43803?format=api", "purl": "pkg:pypi/codechecker@6.24.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/43804?format=api", "purl": "pkg:pypi/codechecker@6.24.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-34z1-k1dg-uqhh" }, { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-h6wn-2dtj-q7hq" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/43805?format=api", "purl": "pkg:pypi/codechecker@6.24.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/44336?format=api", "purl": "pkg:pypi/codechecker@6.24.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6urc-avwv-vbdk" }, { "vulnerability": "VCID-8qpt-75sy-mbes" }, { "vulnerability": "VCID-gyx5-u4sy-syge" }, { "vulnerability": "VCID-hjn3-aj1e-1ybc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/codechecker@6.24.4" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31129", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31029", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31061", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31095", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1300" }, { "reference_url": "https://github.com/Ericsson/codechecker", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Ericsson/codechecker" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1300", "reference_id": "CVE-2025-1300", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1300" }, { "reference_url": "https://github.com/advisories/GHSA-g839-x3p3-g5fm", "reference_id": "GHSA-g839-x3p3-g5fm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g839-x3p3-g5fm" }, { "reference_url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm", "reference_id": "GHSA-g839-x3p3-g5fm", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T14:38:08Z/" } ], "url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm" } ], "weaknesses": [ { "cwe_id": 601, "name": "URL Redirection to Untrusted Site ('Open Redirect')", "description": "A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyx5-u4sy-syge" }