Lucene search
SnykCVELIST:CVE-2021-23495HistoryFeb 25, 2022 - 12:00 a.m.
CVE-2021-23495 Open Redirect
2022-02-2500:00:00
snyk
www.cve.org
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
31.0%
The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter.
CNA Affected
[
{
"product": "karma",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.3.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
Open redirect in karma
2022-02-26 00:00:38
CVE-2021-23495
2022-02-25 20:15:08
nvd
nvd
CVE-2021-23495
2022-02-25 20:15:08
cve
cve
CVE-2021-23495
2022-02-25 20:15:08
veracode
veracode
Open Redirect
2022-02-28 10:29:32
cnvd
cnvd
karma input validation error vulnerability
2022-03-01 00:00:00
prion
prion
Open redirect
2022-02-25 20:15:00
github
github
Open redirect in karma
2022-02-26 00:00:38
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
31.0%
Related for CVELIST:CVE-2021-23495