{"id":"CVE-2022-33146","details":"Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.","aliases":["GHSA-cgrj-xjm7-9q27"],"modified":"2026-04-10T04:48:26.959811Z","published":"2022-06-27T01:15:07.290Z","references":[{"type":"ADVISORY","url":"http://web2py.com/"},{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN02158640/index.html"},{"type":"FIX","url":"https://github.com/web2py/web2py/commit/a181b855a43cb8b479d276b082cfcde385768451"},{"type":"FIX","url":"https://github.com/web2py/web2py/commit/d9805606f88f00c0be56438247605cefde73e14e#diff-c1d01f37ee54d813815718760b9c4d7b274e2be7ad18f65552cd564336ab593bR110"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/web2py/web2py","events":[{"introduced":"0"},{"fixed":"b40b973264238792b759f6aae1651b35d17d74a6"},{"fixed":"a181b855a43cb8b479d276b082cfcde385768451"},{"fixed":"d9805606f88f00c0be56438247605cefde73e14e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.22.5"}]}}],"versions":["2.18.4","2.19.1","R-2.10.1","R-2.10.2","R-2.10.3","R-2.10.4","R-2.10.4.beta","R-2.11.1","R-2.11.2","R-2.12.1","R-2.12.2","R-2.12.3","R-2.13.1","R-2.13.2","R-2.13.3","R-2.13.4","R-2.14.1","R-2.14.2","R-2.14.3","R-2.14.4","R-2.14.5","R-2.14.6","R-2.15.0b2","R-2.15.1","R-2.15.2","R-2.15.3","R-2.15.4","R-2.16.0b1","R-2.16.1","R-2.17.1","R-2.17.2","R-2.18.2","R-2.18.3","R-2.18.5","R-2.22.4","R-2.4.2","R-2.4.3","R-2.4.4","R-2.4.5","R-2.4.6","R-2.4.7","R-2.5.1","R-2.6.1","R-2.6.2","R-2.6.3","R-2.6.4","R-2.7.1","R-2.7.2","R-2.7.3","R-2.7.4","R-2.8.1","R-2.8.2","R-2.9.10","R-2.9.11","R-2.9.12","R-2.9.2","R-2.9.3","R-2.9.4","R-2.9.5","R-2.9.6","R-2.9.7","R-2.9.8","R-2.9.9","latest","v2.19.1","v2.19.2","v2.20.1","v2.20.2","v2.20.3","v2.20.4","v2.21.1","v2.22.1","v2.22.2","v2.22.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33146.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}