3.5 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Activity log
- @LeSuisse created an automatic suggestion
- @LeSuisse removed 13 packages from the suggestion:
- busybox
- gobusybox
- busybox-sandbox-shell
- python312Packages.busypie
- python313Packages.busypie
- python314Packages.busypie
- minimal-bootstrap.busybox-static
- python312Packages.busylight-core
- python313Packages.busylight-core
- python314Packages.busylight-core
- python312Packages.busylight-for-humans
- python313Packages.busylight-for-humans
- python314Packages.busylight-for-humans
- @LeSuisse dismissed the suggestion
busy Callback app.js redirect
A flaw has been found in busy up to and including version 2.5.5. The affected element is an unknown function in the file source-code/busy-master/src/server/app.js of the Callback Handler component. Manipulating the `state` argument can lead to an open redirect. The attack can be launched remotely. An exploit has been published and may be in use. The project was informed of the problem early through an issue report but has not responded yet.
References
- VDB-346661 | busy Callback app.js redirect (vdb-entry, technical-description)
- VDB-346661 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
- Submit #753299 | busyorg busy <=2.5.5 Open Redirect (third-party-advisory)
- https://github.com/busyorg/busy/issues/2287 (issue-tracking)
- https://github.com/busyorg/busy/issues/2287#issue-3905518966 (issue-tracking, exploit)
Affected products
- ==2.5.0
- ==2.5.1
- ==2.5.2
- ==2.5.3
- ==2.5.4
- ==2.5.5
Ignored packages (13)
- pkgs.busybox: Tiny versions of common UNIX utilities in a single small executable
- pkgs.gobusybox: Tools for compiling many Go commands into one binary to save space
  - nixos-unstable 0.2.0-unstable-2024-03-05
    - nixpkgs-unstable 0.2.0-unstable-2024-03-05
    - nixos-unstable-small 0.2.0-unstable-2024-03-05
  - nixos-25.11 0.2.0-unstable-2024-03-05
    - nixos-25.11-small 0.2.0-unstable-2024-03-05
    - nixpkgs-25.11-darwin 0.2.0-unstable-2024-03-05
- pkgs.busybox-sandbox-shell: Tiny versions of common UNIX utilities in a single small executable
- pkgs.python312Packages.busypie: Expressive busy wait for Python
- pkgs.python313Packages.busypie: Expressive busy wait for Python
- pkgs.python314Packages.busypie: Expressive busy wait for Python
- pkgs.minimal-bootstrap.busybox-static: Tiny versions of common UNIX utilities in a single small executable
- pkgs.python312Packages.busylight-core: Library for interacting programmatically with USB-connected LED lights
- pkgs.python313Packages.busylight-core: Library for interacting programmatically with USB-connected LED lights
- pkgs.python314Packages.busylight-core: Library for interacting programmatically with USB-connected LED lights
- pkgs.python312Packages.busylight-for-humans: Control USB-connected presence lights from multiple vendors via the command line or web API
- pkgs.python313Packages.busylight-for-humans: Control USB-connected presence lights from multiple vendors via the command line or web API
- pkgs.python314Packages.busylight-for-humans: Control USB-connected presence lights from multiple vendors via the command line or web API