This bug was fixed in the package horizon - 3:18.3.2-0ubuntu0.20.04.4
--------------- horizon (3:18.3.2-0ubuntu0.20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: ensure next parameter is validated to prevent malicious URL injection - d/p/CVE-2020-29565.patch: Make sure the next URL is in the same origin as Horizon before redirecting to it. - CVE-2020-29565
-- Corey Bryant <email address hidden> Tue, 08 Dec 2020 15:29:47 -0500
This bug was fixed in the package horizon - 3:18.3. 2-0ubuntu0. 20.04.4
--------------- 2-0ubuntu0. 20.04.4) focal-security; urgency=medium
horizon (3:18.3.
* SECURITY UPDATE: ensure next parameter is validated to prevent malicious 2020-29565. patch: Make sure the next URL is in the same origin
URL injection
- d/p/CVE-
as Horizon before redirecting to it.
- CVE-2020-29565
-- Corey Bryant <email address hidden> Tue, 08 Dec 2020 15:29:47 -0500