CVE-2021-21377: OMERO webclient does not validate URL redirects on login or switching group.
OMERO.web before 5.9.0
References
- github.com/advisories/GHSA-g4rf-pc26-6hmr
- github.com/ome/omero-web
- github.com/ome/omero-web/blob/master/CHANGELOG.md
- github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c
- github.com/ome/omero-web/security/advisories/GHSA-g4rf-pc26-6hmr
- github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2021-32.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-21377
- pypi.org/project/omero-web
- www.openmicroscopy.org/security/advisories/2021-SV2