CVE-2023-22432

Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.


web2py™ Download


The source code version works on Windows and most Unix systems, including Linux, BSD and Mac. It requires Python 3.5+ (recommended for new projects) or Python 2.7+ (stable, for use with legacy apps) already installed on your system.

There are also binary packages for Windows and macOS. They include the Python interpreter version 3.7.4 or 2.7.16, so you do not need to have it pre-installed.

Instructions

With the binary packages, after download, just unzip the package and then click on web2py.exe (Windows) or web2py (macOS).

Note that on recent macOS versions (10.12+) you may have problems running the binary app because of recent changes to the security settings. In this case, hold the ‘control’ key and click on the downloaded file, then ‘open’ it (confirm the warnings). Finally, move the program to Applications and run it from there.

If you prefer to run it from source with your own Python interpreter already installed, type:

or for more info type:

Caveats

After installation, every time you run it, web2py asks you to choose a password. This password is your administrative password. If the password is left blank, the administrative interface is disabled. The administrative interface /admin/default/index is only accessible via localhost and always requires a password.

Any URL /a/b/c maps into a call to application a, controller b.py and function c in that controller.

You are strongly advised to also use Apache with mod_proxy or mod_wsgi to access applications in the framework. This allows better security and concurrency.
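The advisory above concerns redirects to arbitrary websites; the following is an added example (not web2py's code and not the project's fix for CVE-2023-22432) of how an application can restrict a user-supplied redirect target to same-site paths of the /a/b/c form described in this section. The function name, the fallback path and the allowed character set are assumptions made for the example.

```python
import re

# Path grammar assumed for this example: /application/controller/function[/args],
# following the /a/b/c mapping. The allowed character set is this example's choice.
LOCAL_PATH = re.compile(r"/[A-Za-z0-9_]+(?:/[A-Za-z0-9_.-]+)*/?")

DEFAULT_TARGET = "/welcome/default/index"  # hypothetical fallback page


def safe_redirect_target(target, default=DEFAULT_TARGET):
    """Return target if it is a same-site path, otherwise return default."""
    if not isinstance(target, str) or not target:
        return default
    # Browsers strip tabs/newlines and treat "\" like "/", so such characters
    # can turn a path-looking value into "//host". Reject them outright.
    if "\\" in target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return default
    # Validate the raw path (the part before "?" or "#"). Requiring a first
    # segment of word characters excludes "scheme:", "//host" and "///host".
    path = re.split(r"[?#]", target, maxsplit=1)[0]
    if not LOCAL_PATH.fullmatch(path):
        return default
    return target


# Constructed sample values for a redirect parameter (not from the advisory).
SAMPLES = [
    "/myapp/default/index",
    "/myapp/default/show/3?page=2#top",
    "https://other.example/login",
    "//other.example/login",
    "///other.example/a",
    "/\\other.example",
    "/\t/other.example",
    "myapp/default/index",
]


def check_samples():
    """Return (target, accepted) pairs for the constructed samples."""
    return [(t, safe_redirect_target(t) == t) for t in SAMPLES]


if __name__ == "__main__":
    for target, accepted in check_samples():
        print("ACCEPT" if accepted else "REJECT", repr(target))
```

Only the first two samples are accepted; every other value falls back to the default page instead of being used as the redirect location.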

License

Web2py code is released under the LGPLv3 License. This license does not extend to third party libraries distributed with web2py (which can be MIT, BSD or Apache type licenses) nor does it extend to applications built with web2py (under the terms of the LGPL).

Applications built with web2py can be released under any license the author wishes as long as they do not contain web2py code. They can link unmodified web2py libraries and they can be distributed with official web2py binaries. In particular web2py applications can be distributed in closed source. The admin interface provides a button to byte-code compile.

It is fine to distribute web2py (source or compiled) with your applications as long as you make it clear in the license where your application ends and web2py starts.

web2py is copyrighted by Massimo Di Pierro. The web2py trademark is owned by Massimo Di Pierro.


Artwork

Stickers

Download WEB2PY artwork pack in editable .png format

Logo, Stickers and Layout developed by José V. Sousa and Bruno Rocha (at Blouweb). All rights reserved by Massimo Di Pierro © 2023

Favicon and HTML5 compatibility by Martin Mulone

Icon set made by Christian Burprich licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License
