CVE-2020-36663 : Security Advisory and Response

CVE-2020-36663 is an open redirect vulnerability in Artesãos SEOTools up to version 0.17.1. This advisory covers affected systems, exploitation, and mitigation steps.

A vulnerability was discovered in Artesãos SEOTools up to version 0.17.1, affecting the makeTag function in the OpenGraph.php file. This vulnerability allows for open redirect exploitation. Upgrading to version 0.17.2 resolves the issue. The CVE has a base score of 5.5, categorizing it as MEDIUM severity.

Understanding CVE-2020-36663

This CVE pertains to an open redirect vulnerability found in Artesãos SEOTools.

What is CVE-2020-36663?

CVE-2020-36663 is an issue in the makeTag function of the OpenGraph.php file in Artesãos SEOTools that allows an open redirect.

The Impact of CVE-2020-36663

The vulnerability could be exploited by manipulating the 'value' argument, leading to open redirect attacks.

Technical Details of CVE-2020-36663

This section provides technical details about the vulnerability.

Vulnerability Description

The vulnerability in Artesãos SEOTools up to version 0.17.1 allows for open redirect due to improper handling of user-supplied data in the makeTag function of the OpenGraph.php file.

Affected Systems and Versions

        Vendor: Artesãos
        Product: SEOTools
        Vulnerable Versions: 0.17.0, 0.17.1

Exploitation Mechanism

The manipulation of the 'value' argument in the makeTag function of OpenGraph.php can be exploited to conduct open redirect attacks.

Mitigation and Prevention

The following measures address the CVE-2020-36663 vulnerability.

Immediate Steps to Take

        Upgrade Artesãos SEOTools to version 0.17.2 to mitigate the vulnerability.
        Apply the patch named 'ca27cd0edf917e0bc805227013859b8b5a1f01fb' to address the issue.

Long-Term Security Practices

        Regularly update software components to the latest versions to prevent vulnerabilities.
        Implement input validation mechanisms to sanitize user-supplied data.
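
The input-validation practice above, sketched for a URL value that an application is about to place in an OpenGraph tag. This is an added example, not code from SEOTools or its patch; the function name validateOgUrl, the allow-list and the sample values are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of SEOTools): returns the URL if it may be
// placed in an OpenGraph tag such as og:url, or null if it must be rejected.
function validateOgUrl(string $value, array $allowedHosts): ?string
{
    $value = trim($value);

    // Control characters and backslashes can make a browser resolve a
    // different host than the one parse_url() reports.
    if ($value === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $value)) {
        return null;
    }

    $parts = parse_url($value);
    // Relative, protocol-relative ("//host") and malformed values lack a
    // scheme or a host and are rejected here.
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Only web schemes, and no userinfo ("user@host") to disguise the host.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    // Exact host match against the allow-list; no suffix or substring checks.
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return null;
    }
    return $value;
}

// Constructed allow-list and sample inputs (reserved .example names).
$allowed = ['www.example.com'];
$samples = [
    'https://www.example.com/post/1',
    '//other.example/',
    'https://www.example.com@other.example/',
    'https://www.example.com.other.example/',
];
foreach ($samples as $sample) {
    $url = validateOgUrl($sample, $allowed);
    // Escape on output as well, so the value cannot break out of the attribute.
    $tag = $url === null ? 'rejected'
        : '<meta property="og:url" content="'
          . htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
    printf("%-42s => %s\n", $sample, $tag);
}
```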

Patching and Updates

        Upgrade to version 0.17.2 of Artesãos SEOTools to patch the vulnerability.
