4 matches found
create-keystone-app-master (>=6.0.21 <=6.0.22) potentially affected by CVE-2023-34247 via @keystone-6/auth (=2.0.0)
@keystone-6/auth NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @keystone-6/auth and may be impacted: - create-keystone-app-master =6.0.21, =6.0.22 Source cves: CVE-2023-34247 Source advisory: OSV:GHSA-JQXR-VJVV-899M...
CVE-2023-34247 @keystone-6/auth Open Redirect vulnerability
Keystone is a content management system for Node.JS. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to...
CVE-2023-34247
Keystone is a Node.js-based CMS. There is an Open Redirect in the @keystone-6/auth package up to version 7.0.0, where the redirect leading '/' filter can be bypassed. An attacker may cause users to be redirected to external domains instead of the relative host. Remediation is to apply the patch f...
CVE-2023-34247 @keystone-6/auth Open Redirect vulnerability
Keystone is a content management system for Node.JS. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to...