Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-34247

Published: 13/06/2023 Updated: 23/06/2023
CVSS v3 Base Score: 4.1 | Impact Score: 1.4 | Exploitability Score: 2.3
VMScore: 0
Subscribe to Keystone

Vulnerability Summary

Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by malicious users to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package.

Vulnerable Product Search on Vulmon Subscribe to Product

keystonejs keystone

References

CWE-601https://github.com/keystonejs/keystone/pull/8626https://github.com/keystonejs/keystone/security/advisories/GHSA-jqxr-vjvv-899mhttps://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook