{"id":"PYSEC-2017-27","details":"python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection","aliases":["CVE-2017-1002150","GHSA-m242-wc86-8768"],"modified":"2026-02-22T22:49:25.177235Z","published":"2017-09-14T13:29:00Z","references":[{"type":"FIX","url":"https://github.com/fedora-infra/python-fedora/commit/b27f38a67573f4c989710c9bfb726dd4c1eeb929.patch"},{"type":"FIX","url":"https://github.com/fedora-infra/python-fedora/commit/b27f38a67573f4c989710c9bfb726dd4c1eeb929"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m242-wc86-8768"}],"affected":[{"package":{"name":"python-fedora","ecosystem":"PyPI","purl":"pkg:pypi/python-fedora"},"ranges":[{"type":"GIT","repo":"https://github.com/fedora-infra/python-fedora","events":[{"introduced":"0"},{"fixed":"b27f38a67573f4c989710c9bfb726dd4c1eeb929.patch"},{"fixed":"b27f38a67573f4c989710c9bfb726dd4c1eeb929"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.0"}]}],"versions":["0.3.10","0.3.11","0.3.16","0.3.20","0.3.21","0.3.21a1","0.3.22","0.3.24","0.3.25","0.3.25.1","0.3.26","0.3.27","0.3.28","0.3.28.1","0.3.29","0.3.30","0.3.31","0.3.32.1","0.3.32.2","0.3.32.3","0.3.33","0.3.34","0.3.35","0.3.36","0.4.0","0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.7.0","0.7.1","0.8.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/python-fedora/PYSEC-2017-27.yaml"}}],"schema_version":"1.7.3"}