{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35747?format=json","vulnerability_id":"VCID-rcr6-m1qq-dfad","summary":"Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to `2.6.1` and re-run the buildout, or if you used `pip` simply do `pip install \"Products.PluggableAuthService>=2.6.1\"`.","aliases":[{"alias":"CVE-2021-21337"},{"alias":"GHSA-p44j-xrqg-4xrr"},{"alias":"PYSEC-2021-45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20264?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.6.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20219?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/20220?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.5.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20221?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.5
.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/20222?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/20223?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/20224?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/20225?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20226?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablec
ode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/20227?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/20228?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/20229?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.6.5"},{"url":"http://public2.vulnerablecode.io/api/packages/20230?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/20231?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.0b2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.0b2"},{"url":"http://public2.vulnerablecode.io/api/packages/20232?format=json","purl":"pkg:pypi/products-plugg
ableauthservice@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20233?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20234?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/20235?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/20236?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/20237?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"htt
p://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/20238?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.6"},{"url":"http://public2.vulnerablecode.io/api/packages/20239?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.7"},{"url":"http://public2.vulnerablecode.io/api/packages/20240?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.7.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.7.8"},{"url":"http://public2.vulnerablecode.io/api/packages/20241?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20242?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20243?format=json","purl":"pkg:pypi
/products-pluggableauthservice@1.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20244?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20245?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20246?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/20247?format=json","purl":"pkg:pypi/products-pluggableauthservice@1.11.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@1.11.3"},{"url":"http://public2.vulnerablecode.io/api/packages/20248?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-df
ad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/20249?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.0b2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b2"},{"url":"http://public2.vulnerablecode.io/api/packages/20250?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.0b3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b3"},{"url":"http://public2.vulnerablecode.io/api/packages/20251?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.0b4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b4"},{"url":"http://public2.vulnerablecode.io/api/packages/20252?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.0b5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b5"},{"url":"http://public2.vulnerablecode.io/api/packages/20253?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.0b6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0b6"},{"url":"http://public2.vulnerablecode.io/api/packages/20254?form
at=json","purl":"pkg:pypi/products-pluggableauthservice@2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/20255?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20256?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20257?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/20258?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20259?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-d
fad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/20260?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/20261?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/20262?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-q8ef-gy9e-ykfb"},{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20263?format=json","purl":"pkg:pypi/products-pluggableauthservice@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rcr6-m1qq-dfad"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/products-pluggableauthservice@2.6.0"}],"references":[{"reference_url":"https://github.com/zopefoundation/Products.PluggableAuthService/commit/7eead067898852ebd3e0f143bc51295928528dfa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/zopefoundation/Products.PluggableAuthService/commit/7eead067898852ebd3e0f143bc51295928528dfa"},{"reference_url":"https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr","reference_id":"","reference_type":"",
"scores":[],"url":"https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr"},{"reference_url":"https://pypi.org/project/Products.PluggableAuthService/","reference_id":"","reference_type":"","scores":[],"url":"https://pypi.org/project/Products.PluggableAuthService/"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rcr6-m1qq-dfad"}