High severity7.5NVD Advisory· Published May 29, 2018· Updated Jun 17, 2026
CVE-2015-9240
CVE-2015-9240
Description
Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keystonenpm | < 0.3.16 | 0.3.16 |
Affected products
2- HackerOne/keystone node modulev5Range: <0.3.16
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-39pj-gq8q-9pfjghsaADVISORY
- nodesecurity.io/advisories/60nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2015-9240ghsaADVISORY
- www.npmjs.com/advisories/60ghsaWEB
- www.npmjs.com/package/keystoneghsaWEB
News mentions
0No linked articles in our index yet.