Keystone Security Vulnerabilities - 2023

CVE-2023-34247

Keystone is a content management system for Node.JS. There is an open redirect in the @keystone-6/auth package versions 7.0.0 and prior, where the redirect leading / filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-...

CVSS: 6.1

AI Score: 4.5

EPSS: 0.001

2023-06-13 05:15 PM

CVE-2023-40027

Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI middleware, which by default will only...

CVSS: 5.3

AI Score: 5.2

EPSS: 0.001

2023-08-15 06:15 PM