@keystone-6/auth Open Redirect vulnerability
Moderate severity
GitHub Reviewed
Published
Jun 13, 2023
in
keystonejs/keystone
•
Updated Nov 4, 2023
Description
Published by the National Vulnerability Database
Jun 13, 2023
Published to the GitHub Advisory Database
Jun 14, 2023
Reviewed
Jun 14, 2023
Last updated
Nov 4, 2023
Summary
There is an open redirect in the
@keystone-6/auth
package, where the redirect leading/
filter can be bypassed.Impact
Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location.
Mitigations
@keystone-6/auth
packageReferences
Similar Vulnerability Reports
Credits
Thanks to morioka12 for reporting this problem.
If you have any questions around this security advisory, please don't hesitate to contact us at [email protected], or open an issue on GitHub.
If you have a security flaw to report for any software in this repository, please see our SECURITY policy.
References