Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@keystone-6/auth Open Redirect vulnerability
Vulnerability Description
Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Keystone 输入验证错误漏洞
Vulnerability Description
Keystone是OpenStack开源的一款强大的CMS。用于帮助您比任何其他 Cms 或应用程序框架更快地构建和扩展。 Keystone 7.0.0之前版本存在输入验证错误漏洞,该漏洞源于包含一个开放的重定向。攻击者利用该漏洞可以绕过@keystone-6/auth重定向前导过滤器。
CVSS Information
N/A
Vulnerability Type
N/A