
URL Redirection to Untrusted Site ('Open Redirect') in bookwyrm

High
mouse-reeve published GHSA-xq42-mq5w-m24x Aug 6, 2022

Package

bookwyrm (application)

Affected versions

<0.4.5

Patched versions

0.4.5

Description

Impact

Some links in BookWyrm don't have the correct protection when opening in a new tab, which can be exploited for phishing attacks.
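The following check is an added example, not part of the advisory or BookWyrm's own code: it scans template markup for links that open in a new tab without a protective `rel` token. It assumes the missing protection is `rel="noopener"` or `rel="noreferrer"` on `target="_blank"` links, which the advisory does not name; the sample markup and the `link.url` variable are constructed.

```python
from html.parser import HTMLParser

# rel tokens that stop the newly opened page from getting a window.opener handle
PROTECTIVE_REL = {"noopener", "noreferrer"}


class NewTabLinkAuditor(HTMLParser):
    """Records links that open a new tab without a protective rel token."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line number, tag, href)

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        # Attribute names arrive lowercased; valueless attributes arrive as None.
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("target", "").strip().lower() != "_blank":
            return
        rel_tokens = set(attr.get("rel", "").lower().split())
        if not rel_tokens & PROTECTIVE_REL:
            line, _col = self.getpos()
            self.findings.append((line, tag, attr.get("href", "")))


def audit(markup):
    """Return (line, tag, href) for every unprotected new-tab link in markup."""
    auditor = NewTabLinkAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings


# Constructed sample template; the variable name link.url is hypothetical.
SAMPLE = """<a href="{{ link.url }}" target="_blank">source</a>
<a href="https://example.org" target="_blank" rel="noopener noreferrer">ok</a>
<a href="/local">same tab</a>
<a href="https://example.net" target="_blank" rel="nofollow">partial</a>
"""

if __name__ == "__main__":
    for line, tag, href in audit(SAMPLE):
        print(f"line {line}: <{tag}> to {href!r} opens a new tab without rel=noopener")
```

Run over a template directory, a check like this can gate merges so that new `target="_blank"` links without the attribute are caught in review.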

Patches

Patched in version 0.4.5

References

https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2022-35953

Weaknesses

Credits