Hunvreus DevPush Open Redirect Vulnerability in Google Authorization Endpoint

Vulnerability

An open redirect vulnerability has been identified in Hunvreus DevPush version 0.3.2. The issue resides in the application's Google authorization endpoint. An attacker can exploit it by sending users a crafted URL that redirects them to a malicious site.

Impact

Exploitation of this vulnerability could lead to phishing attacks, where users are redirected to fraudulent websites that may impersonate legitimate services or collect sensitive information.

Reproduction

To reproduce this vulnerability, send an authenticated user a crafted URL that includes the 'next' parameter pointing to an external domain. The URL should be formatted to include the DevPush host and the '/api/google/authorize' endpoint.

Remediation

Users can update to Hunvreus DevPush version 0.3.2 or later, where this vulnerability has been addressed.
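
The check below is an added example, not code from DevPush or from this advisory: it shows one way to restrict a 'next' value to same-site relative paths, and to flag logged requests to '/api/google/authorize' whose 'next' would leave the site. Python, the function names and the sample request targets are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

AUTHORIZE_PATH = "/api/google/authorize"  # endpoint named in the advisory


def safe_next(value, default="/"):
    """Return value only if it is a same-site relative path, else default."""
    if not value or not value.startswith("/"):
        return default  # absolute URLs, other schemes, bare hosts, empty
    if value.startswith("//") or "\\" in value:
        return default  # scheme-relative URL, or backslash read as "/"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default  # control characters are stripped by browsers
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return default
    return value


def flag_external_next(request_urls):
    """Return the logged authorize requests whose 'next' would leave the site."""
    flagged = []
    for url in request_urls:
        parts = urlsplit(url)
        if parts.path != AUTHORIZE_PATH:
            continue
        for candidate in parse_qs(parts.query).get("next", []):
            if safe_next(candidate, default=None) is None:
                flagged.append(url)
                break
    return flagged


# Constructed sample request targets (not taken from a real log).
SAMPLE_REQUESTS = [
    "/api/google/authorize?next=/projects/demo",
    "/api/google/authorize?next=https%3A%2F%2Fexternal.example%2Flogin",
    "/api/google/authorize?next=%2F%2Fexternal.example",
    "/api/google/authorize?next=%2F%5Cexternal.example",
    "/other/path?next=https%3A%2F%2Fexternal.example",
]

if __name__ == "__main__":
    for hit in flag_external_next(SAMPLE_REQUESTS):
        print("external next:", hit)
```

Applying the same check again at the point where the redirect is issued, not only where 'next' is first received, covers values that were stored in session or state in between.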

Added: Apr 27, 2026, 5:27 PM
Updated: Apr 27, 2026, 5:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.2
exploitability: 6.5
remediation: 0.0
relevance: 6.8
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.