CVE-2021-22963

Опубликовано: 29 сент. 2021

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Advanced Cluster Management for Kubernetes 2	rhacm2/search-ui-rhel8	Affected
Red Hat Advanced Cluster Management for Kubernetes 2	acm-grafana-container	Fixed	RHSA-2022:0735	03.03.2022
Red Hat Advanced Cluster Management for Kubernetes 2	acm-must-gather-container	Fixed	RHSA-2022:0735	03.03.2022
Red Hat Advanced Cluster Management for Kubernetes 2	acm-operator-bundle-container	Fixed	RHSA-2022:0735	03.03.2022
Red Hat Advanced Cluster Management for Kubernetes 2	application-ui-container	Fixed	RHSA-2022:0735	03.03.2022
Red Hat Advanced Cluster Management for Kubernetes 2	assisted-image-service-container	Fixed	RHSA-2022:0735	03.03.2022
Red Hat Advanced Cluster Management for Kubernetes 2	cert-policy-controller-container	Fixed	RHSA-2022:0735	03.03.2022
Red Hat Advanced Cluster Management for Kubernetes 2	cluster-backup-operator-container	Fixed	RHSA-2022:0735	03.03.2022
Red Hat Advanced Cluster Management for Kubernetes 2	clusterclaims-controller-container	Fixed	RHSA-2022:0735	03.03.2022
Red Hat Advanced Cluster Management for Kubernetes 2	cluster-curator-controller-container	Fixed	RHSA-2022:0735	03.03.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-601

https://bugzilla.redhat.com/show_bug.cgi?id=2015152fastify-static: open redirect via an URL with double slash followed by a domain

EPSS

Процентиль: 39%

0.00172

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2021-22963

CVSS3: 6.1

nvd

больше 4 лет назад

GHSA-p6vg-p826-qp3v