{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-16220","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-21T16:00:10.212Z","dateReserved":"2019-09-11T00:00:00.000Z","datePublished":"2019-09-11T13:06:57.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2024-08-21T16:00:10.212Z"},"descriptions":[{"lang":"en","value":"In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://wpvulndb.com/vulnerabilities/9863"},{"url":"https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/"},{"url":"https://core.trac.wordpress.org/changeset/45971"},{"url":"https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28"},{"name":"[debian-lts-announce] 20191017 [SECURITY] [DLA 1960-1] wordpress security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00023.html"},{"name":"20200108 [SECURITY] [DSA 4599-1] wordpress security update","tags":["mailing-list"],"url":"https://seclists.org/bugtraq/2020/Jan/8"},{"name":"DSA-4599","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2020/dsa-4599"},{"name":"DSA-4677","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2020/dsa-4677"}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-21T15:58:31.191Z"},"references":[{"url":"https://medium.com/@theodorejackson.us/rediscovering-an-old-vulnerability-cve-2019-16220-d25cc441752f"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpvulndb.com/vulnerabilities/9863"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://core.trac.wordpress.org/changeset/45971"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28"},{"name":"[debian-lts-announce] 20191017 [SECURITY] [DLA 1960-1] wordpress security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00023.html"},{"name":"20200108 [SECURITY] [DSA 4599-1] wordpress security update","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"https://seclists.org/bugtraq/2020/Jan/8"},{"name":"DSA-4599","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2020/dsa-4599"},{"name":"DSA-4677","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2020/dsa-4677"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}}]},"dataVersion":"5.1"}