GHSA-59fq-727j-hm3f

Published: 02 Mar 2023
Source: github
Github: Reviewed
CVSS3: 6.1

Description

keycloak-connect contains an Open Redirect vulnerability in the Node.js adapter

There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using checkSSO with query param prompt=none.

Packages

Name: keycloak-connect (npm)
Affected versions: < 21.0.1
Fixed version: 21.0.1

EPSS

Percentile: 30%
0.00113
Low

CVSS3: 6.1 Medium

Weaknesses

CWE-601

Related vulnerabilities

CVSS3: 6.8
redhat
almost 3 years ago

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

CVSS3: 6.1
nvd
almost 3 years ago

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.

CVSS3: 6.1
debian
almost 3 years ago

A flaw was found in the Keycloak Node.js Adapter. This flaw allows an ...
