CVE-2017-1000481: URL Redirection to Untrusted Site (Open Redirect)
When you visit a page that requires you to log in, Plone sends you to the login form with a came_from
parameter set to the URL of the page you came from. After you log in, Plone redirects you to that URL. Because came_from is taken straight from the request, an attacker can hand a victim a specially crafted login link whose came_from value points at an attacker-controlled site: the victim logs in on the genuine Plone login form and is then redirected to the untrusted site, which is why this is classed as an open redirect.
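The following is an added example and is not Plone's code or its published fix: it contrasts a redirect that trusts came_from verbatim with one that only honours targets on the site itself. The site URL `https://example.org/Plone`, the function names and the crafted query strings are all constructed for illustration.

```python
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed example: the site root that the login form belongs to.
SITE_URL = "https://example.org/Plone"


def vulnerable_target(came_from: str) -> str:
    """The flaw in one line: whatever came_from says is where the user is sent."""
    return came_from


def _effective_port(parts):
    """Port with scheme defaults filled in, or None if the port is malformed."""
    try:
        port = parts.port
    except ValueError:
        return None
    if port is not None:
        return port
    return 443 if parts.scheme == "https" else 80


def safe_target(came_from: str, site_url: str = SITE_URL, default: str = "/") -> str:
    """Return came_from only if it resolves to a page on site_url, else default.

    The checks below cover the usual ways an off-site target is smuggled past a
    naive prefix or substring comparison.
    """
    if not came_from:
        return default
    # Browsers fold '\' into '/' and drop some control characters, so
    # "/\\evil.example" is really "//evil.example". Reject both outright.
    if "\\" in came_from or any(ord(c) < 0x20 or c == "\x7f" for c in came_from):
        return default
    site = urlsplit(site_url)
    # Resolve relative values against the site so "/folder" and "//host/x"
    # are judged the way a browser would actually resolve them.
    resolved = urljoin(site_url, came_from)
    target = urlsplit(resolved)
    # Only web schemes; this also drops javascript:, data: and friends.
    if target.scheme not in ("http", "https"):
        return default
    # Same scheme prevents an https -> http downgrade on the way back.
    if target.scheme != site.scheme:
        return default
    # hostname is lower-cased and excludes userinfo, so
    # "https://example.org@evil.example/" compares as evil.example.
    if target.hostname is None or target.hostname != site.hostname:
        return default
    site_port, target_port = _effective_port(site), _effective_port(target)
    if target_port is None or target_port != site_port:
        return default
    return resolved


def login_redirect(query_string: str, site_url: str = SITE_URL) -> str:
    """Where the login form sends the user after a successful login.

    query_string is the raw query of the login form URL, e.g. the part after
    '?' in https://example.org/Plone/login_form?came_from=...
    """
    params = parse_qs(query_string, keep_blank_values=True)
    came_from = params.get("came_from", [""])[0]
    return safe_target(came_from, site_url=site_url)


if __name__ == "__main__":
    # Constructed attacker link: the login form is genuine, the target is not.
    crafted = "came_from=https://evil.example/phish"
    print("naive  :", vulnerable_target(parse_qs(crafted)["came_from"][0]))
    print("checked:", login_redirect(crafted))
```

The comparison is done on the parsed hostname and port after resolving the value against the site URL, never on a string prefix: a prefix check such as `came_from.startswith(site_url)` still accepts `https://example.org.evil.example/`, and a substring check accepts `https://evil.example/?x=https://example.org`.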