{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27291", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-22T18:08:38.874Z", "datePublished": "2024-02-29T21:49:26.633Z", "dateUpdated": "2024-08-05T17:12:17.718Z"}, "containers": {"cna": {"title": "Docassemble open redirect", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr"}, {"name": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", "tags": ["x_refsource_MISC"], "url": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa"}], "affected": [{"vendor": "jhpyle", "product": "docassemble", "versions": [{"version": "< 1.4.97", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-29T21:49:26.633Z"}, "descriptions": [{"lang": "en", "value": "Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch."}], "source": {"advisory": "GHSA-7wxf-r2qv-9xwr", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.899Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr"}, {"name": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T17:12:03.385073Z", "id": "CVE-2024-27291", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T17:12:17.718Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr", "name": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", "name": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.899Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27291", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-05T17:12:03.385073Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T17:12:12.818Z"}}], "cna": {"title": "Docassemble open redirect", "source": {"advisory": "GHSA-7wxf-r2qv-9xwr", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "jhpyle", "product": "docassemble", "versions": [{"status": "affected", "version": "< 1.4.97"}]}], "references": [{"url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr", "name": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", "name": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-02-29T21:49:26.633Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27291", "state": "PUBLISHED", "dateUpdated": "2024-08-05T17:12:17.718Z", "dateReserved": "2024-02-22T18:08:38.874Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-02-29T21:49:26.633Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jhpyle:docassemble:*:*:*:*:*:*:*:*", "matchCriteriaId": "827A1F6D-7A85-483C-826A-51BF77A12047", "versionEndExcluding": "1.4.97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch."}, {"lang": "es", "value": "Docassemble es un sistema experto para entrevistas guiadas y montaje de documentos. Antes de la versi\u00f3n 1.4.97, era posible crear una URL que actuara como redireccionamiento abierto. La vulnerabilidad ha sido parcheada en la versi\u00f3n 1.4.97 de la rama maestra."}], "id": "CVE-2024-27291", "lastModified": "2025-09-02T13:39:33.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-03-21T02:52:19.343", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}