@keystone-6/auth is vulnerable to cross-site scripting. The vulnerability exists in the pageMiddleware
function in index.ts
as it does not properly set pathname, allowing an attacker to gain sensitive information by redirecting to malicious websites.
CPE | Name | Operator | Version |
---|---|---|---|
@keystone-6/auth | le | 1.0.1 | |
@keystone-6/auth | le | 1.0.1 |