CVE-2023-34247

Опубликовано: 13 июн. 2023

Источник: nvd

CVSS3: 6.1

CVSS3: 4.1

EPSS Низкий

Описание

Keystone is a content management system for Node.JS. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the @keystone-6/auth package.

Ссылки

https://github.com/keystonejs/keystone/pull/8626
Patch
Third Party Advisory
https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m
Third Party Advisory
https://github.com/keystonejs/keystone/pull/8626
Patch
Third Party Advisory
https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899m
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:node.js:*:*

Версия до 7.0.0 (включая)

EPSS

Процентиль: 6%

0.00024

Низкий

6.1 Medium

CVSS3

4.1 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-jqxr-vjvv-899m

CVSS3: 6.1

github

больше 2 лет назад

@keystone-6/auth Open Redirect vulnerability

EPSS

Процентиль: 6%

0.00024

Низкий

6.1 Medium

CVSS3

4.1 Medium

CVSS3

Дефекты

CWE-601