github.com/thethingsnetwork/lorawan-stack is vulnerable to Open Redirect. The library's login page has an open redirect: an attacker can supply the redirect target, and the user is sent to it upon sign-in.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/thethingsnetwork/lorawan-stack | le | v3.24.0 |
github.com/TheThingsNetwork/lorawan-stack/blob/ecdef730f176c02f7c9afce98b0457ae64de5bfc/pkg/webui/account/views/login/index.js#L90-L90
github.com/TheThingsNetwork/lorawan-stack/blob/ecdef730f176c02f7c9afce98b0457ae64de5bfc/pkg/webui/account/views/token-login/index.js#L74-L74
github.com/TheThingsNetwork/lorawan-stack/blob/v3.24.0/pkg/webui/account/views/login/index.js#L90
github.com/TheThingsNetwork/lorawan-stack/commit/f06776028bdb3994847fc6067613dc61a2b3559e
github.com/TheThingsNetwork/lorawan-stack/pull/6051
github.com/TheThingsNetwork/lorawan-stack/releases/tag/v3.24.1
securitylab.github.com/advisories/GHSL-2022-138_lorawan-stack/