CVE-2022-47500 Apache Helix: Open redirect

2022-12-1910:03:41

CWE-601

apache

www.cve.org

apache helix

url redirection

vulnerability

fix

upgrade

EPSS

0.001

Percentile

49.5%

JSON

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4.

Solution: removed the the forward component since it was improper designed for UI embedding.

User please upgrade to 1.1.0 to fix this issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Helix",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.0.4",
        "status": "affected",
        "version": "0.8.0",
        "versionType": "custom"
      }
    ]
  }
]

References

lists.apache.org/thread/lr74xtxxbb1t3dfn5qzzwl2xjr3qlbmh

EPSS

0.001

Percentile

49.5%

JSON

Related for CVELIST:CVE-2022-47500