0.003 Low
EPSS
Percentile
69.3%
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
bugzilla.redhat.com/show_bug.cgi?id=1725740
nvd.nist.gov/vuln/detail/CVE-2019-13038
www.cve.org/CVERecord?id=CVE-2019-13038