CVSS Score
The vulnerability stems from email templates that automatically rendered user-controlled content as hyperlinks. The patch renamed the templates to `email_*.html` versions and wrapped the user-controlled values in `<a>` elements without an `href` attribute, so that automatic URL detection no longer turns them into links. The functions in `notification.py` that invoked these templates (`access_token_added` and `user_password_changed`) contributed directly to the open redirect by passing unvalidated user input to templating logic that generated unsafe hyperlinks.
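As an added illustration of the fix described above (not rdiffweb's own code; the template text, placeholder names and the list of untrusted slots are constructed for this example), a regression check that flags untrusted placeholders not wrapped in an attribute-less `<a>`, alongside a renderer that HTML-escapes every value:

```python
import html
import re

# Constructed templates modelled on the before/after state described above.
# They are NOT rdiffweb's real email templates; placeholder names are assumptions.
VULNERABLE_TEMPLATE = (
    "<p>Hello {username},</p>"
    "<p>The access token {token_name} was added to your account.</p>"
)
HARDENED_TEMPLATE = (
    "<p>Hello <a>{username}</a>,</p>"
    "<p>The access token <a>{token_name}</a> was added to your account.</p>"
)

# Placeholders whose values are chosen by a user and may be crafted to look like a URL.
UNTRUSTED_SLOTS = ("username", "token_name")

# A placeholder counts as protected only when wrapped as <a>{slot}</a>: an anchor
# with no attributes at all, so there is no href and nothing left to auto-link.
_WRAPPED = r"<a>\{%s\}</a>"


def unwrapped_slots(template, slots=UNTRUSTED_SLOTS):
    """Return the untrusted placeholders that lack an attribute-less <a> wrapper."""
    return [s for s in slots if not re.search(_WRAPPED % re.escape(s), template)]


def render_email(template, **values):
    """Render the template with every value HTML-escaped so it cannot inject markup."""
    escaped = {key: html.escape(str(val), quote=True) for key, val in values.items()}
    return template.format(**escaped)


if __name__ == "__main__":
    print("vulnerable, unwrapped:", unwrapped_slots(VULNERABLE_TEMPLATE))
    print("hardened, unwrapped:", unwrapped_slots(HARDENED_TEMPLATE))
    print(render_email(HARDENED_TEMPLATE, username="alice",
                       token_name="http://example.invalid/token"))
```

Running `unwrapped_slots` over each template in a test suite catches a reintroduced bare placeholder before it ships in an email.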
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| rdiffweb | pip | < 2.5.5 | 2.5.5 |