Wiz
Vulnerability DatabaseCVE-2022-0637

CVE-2022-0637
Python vulnerability analysis and mitigation

Overview

An open redirect vulnerability was discovered in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6. The vulnerability allowed attackers to construct URLs within the application that could cause redirection to arbitrary external domains (Mozilla Bugzilla, CVE Mitre).

Technical details

The vulnerability existed when the application incorporated user-controllable data into the target of a redirection in an unsafe way. Specifically, by replacing '/v1/' with '/%0a/evil.com/projectX.htm/' in the URL, an attacker could cause the application to redirect users to malicious domains. The issue was reproducible on both pollbot.services.mozilla.com and pollbot.stage.mozaws.net (Mozilla Bugzilla).

Impact

The vulnerability could be leveraged to facilitate phishing attacks against users of the application. Since the initial URL was legitimate with a valid SSL certificate, it lent credibility to potential phishing attacks. Attackers could redirect victims to malicious sites, deliver malware, or create phishing pages that could steal user credentials while appearing to come from a trusted Mozilla domain (Mozilla Bugzilla).

Mitigation and workarounds

The vulnerability was fixed in pollbot version 1.4.6 and deployed to both pollbot.stage.mozaws.net and pollbot.services.mozilla.com (Mozilla Bugzilla).

Additional resources

SourceThis report was generated using AI

Related Python vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-67511CRITICAL9.6
  • PythonPython
  • cai-framework
NoNoDec 09, 2025
CVE-2025-66645HIGH7.5
  • PythonPython
  • nicegui
NoYesDec 09, 2025
GHSA-9rwj-6rc7-p77cHIGH7.3
  • PythonPython
  • langgraph-checkpoint-sqlite
NoYesDec 10, 2025
CVE-2025-67502MEDIUM5.4
  • PythonPython
  • taguette
NoYesDec 10, 2025
CVE-2025-67485MEDIUM5.3
  • PythonPython
  • mad-proxy
NoNoDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo