web2py
PyPI8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting web2pypage 1 of 1
- CVE-2016-10321CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.14.62017-04-10
vulnerable: 1.96.4, 1.98.2, 2.1.1
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
- CVE-2016-3953CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.14.22018-02-06
vulnerable: 1.96.4, 1.98.2, 2.1.1
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.
- CVE-2016-3954MEDIUMCVSS 5.5EG 5.5✓ Fixed in 2.14.22018-02-06
vulnerable: 1.96.4, 1.98.2, 2.1.1
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-39…
- CVE-2016-4807MEDIUMCVSS 4.8EG 4.82017-01-11
vulnerable: 1.96.4, 1.98.2, 2.1.1
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
- CVE-2016-4808HIGHCVSS 8.8EG 8.8✓ Fixed in 2.14.62017-01-11
vulnerable: 1.96.4, 1.98.2, 2.1.1
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the instal…
- CVE-2022-33146MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.22.52022-06-27
vulnerable: 1.96.4, 1.98.2, 2.1.1
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
- CVE-2023-22432MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.23.12023-03-06
vulnerable: 1.96.4, 1.98.2, 2.1.1
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishi…
- CVE-2026-25198MEDIUMCVSS 4.7EG 4.7✓ Fixed in 3.1.12026-02-05
vulnerable: 1.96.4, 1.98.2, 2.1.1
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As…
Check whether web2py is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for web2py CVEs against the assets you own.
Start Free Scan →