What is the vulnerability ID of this flaw in macaron?

The vulnerability ID is CVE-2020-12666.

What is the severity level of CVE-2020-12666?

The severity level of CVE-2020-12666 is medium.

Which software versions are affected by CVE-2020-12666?

The affected software versions are macaron before 1.3.7, gopkg.in/macaron.v1 before 1.3.7, and redhat/macaron before 1.3.7.

What is the vulnerability description of CVE-2020-12666?

CVE-2020-12666 is a flaw in macaron that allows for open redirect attacks due to improper request sanitization.

Where can I find more information about CVE-2020-12666?

You can find more information about CVE-2020-12666 at the following references: [CVE-2020-12666](https://www.cve.org/CVERecord?id=CVE-2020-12666), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-12666), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1850034), [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2020:3369).

Vulnerability/
CVE-2020-12666

medium

6.1

CWE

601

5/5/2020

18/5/2021

4/8/2024

CVE-2020-12666

First published: Tue May 05 2020(Updated: )

A flaw was found in macaron. Path URLs aren't cleaned before being redirected creating an open redirect in the static handler.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/kiali	<0:v1.12.10.redhat2-1.el7	0:v1.12.10.redhat2-1.el7
redhat/ior	<0:1.1.6-1.el8	0:1.1.6-1.el8
redhat/servicemesh	<0:1.1.6-1.el8	0:1.1.6-1.el8
redhat/servicemesh-cni	<0:1.1.6-1.el8	0:1.1.6-1.el8
redhat/servicemesh-grafana	<0:6.4.3-13.el8	0:6.4.3-13.el8
redhat/servicemesh-operator	<0:1.1.6-2.el8	0:1.1.6-2.el8
redhat/servicemesh-prometheus	<0:2.14.0-14.el8	0:2.14.0-14.el8
redhat/macaron	<1.3.7	1.3.7
go/gopkg.in/macaron.v1	<1.3.7	1.3.7
go-macaron	<1.3.7
Fedoraproject Fedora	=32

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

RHSA-2020:3369

Frequently Asked Questions

What is the vulnerability ID of this flaw in macaron?
The vulnerability ID is CVE-2020-12666.
What is the severity level of CVE-2020-12666?
The severity level of CVE-2020-12666 is medium.
Which software versions are affected by CVE-2020-12666?
The affected software versions are macaron before 1.3.7, gopkg.in/macaron.v1 before 1.3.7, and redhat/macaron before 1.3.7.
What is the vulnerability description of CVE-2020-12666?
CVE-2020-12666 is a flaw in macaron that allows for open redirect attacks due to improper request sanitization.
Where can I find more information about CVE-2020-12666?
You can find more information about CVE-2020-12666 at the following references: [CVE-2020-12666](https://www.cve.org/CVERecord?id=CVE-2020-12666), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2020-12666), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1850034), [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2020:3369).

collector/redhat-cve
agent/author
agent/type
agent/severity
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-12666
agent/software-canonical-lookup
collector/github-advisory-latest
source/GitHub
alias/GHSA-733f-44f3-3frw
agent/description
agent/references
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
package-manager/redhat
package-manager/go
vendor/go-macaron
canonical/go-macaron
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32