{"id":"CVE-2023-22432","details":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.","aliases":["GHSA-w4r7-vm83-q2c7"],"modified":"2026-04-10T04:55:23.548519Z","published":"2023-03-06T00:15:10.700Z","references":[{"type":"WEB","url":"http://web2py.com/"},{"type":"WEB","url":"http://web2py.com/init/default/download"},{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN78253670/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/web2py/web2py","events":[{"introduced":"0"},{"fixed":"7af5c2b5d6e4fa7f708ed2c7e36e721322ec52a6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.23.1"}]}}],"versions":["2.18.4","2.19.1","R-2.10.1","R-2.10.2","R-2.10.3","R-2.10.4","R-2.10.4.beta","R-2.11.1","R-2.11.2","R-2.12.1","R-2.12.2","R-2.12.3","R-2.13.1","R-2.13.2","R-2.13.3","R-2.13.4","R-2.14.1","R-2.14.2","R-2.14.3","R-2.14.4","R-2.14.5","R-2.14.6","R-2.15.0b2","R-2.15.1","R-2.15.2","R-2.15.3","R-2.15.4","R-2.16.0b1","R-2.16.1","R-2.17.1","R-2.17.2","R-2.18.2","R-2.18.3","R-2.18.5","R-2.22.4","R-2.4.2","R-2.4.3","R-2.4.4","R-2.4.5","R-2.4.6","R-2.4.7","R-2.5.1","R-2.6.1","R-2.6.2","R-2.6.3","R-2.6.4","R-2.7.1","R-2.7.2","R-2.7.3","R-2.7.4","R-2.8.1","R-2.8.2","R-2.9.10","R-2.9.11","R-2.9.12","R-2.9.2","R-2.9.3","R-2.9.4","R-2.9.5","R-2.9.6","R-2.9.7","R-2.9.8","R-2.9.9","latest","v2.19.1","v2.19.2","v2.20.1","v2.20.2","v2.20.3","v2.20.4","v2.21.1","v2.22.1","v2.22.2","v2.22.3","v2.22.5","v2.23.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22432.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}