CVE-2024-27291

{"id": "CVE-2024-27291", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-03-21T02:52:19.343", "references": [{"url": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch."}, {"lang": "es", "value": "Docassemble es un sistema experto para entrevistas guiadas y montaje de documentos. Antes de la versi\u00f3n 1.4.97, era posible crear una URL que actuara como redireccionamiento abierto. La vulnerabilidad ha sido parcheada en la versi\u00f3n 1.4.97 de la rama maestra."}], "lastModified": "2025-09-02T13:39:33.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jhpyle:docassemble:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "827A1F6D-7A85-483C-826A-51BF77A12047", "versionEndExcluding": "1.4.97"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}