npm package
@keystone-6/auth
pkg:npm/%40keystone-6/auth
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-34247 | — | < 7.0.0 | 7.0.0 | Jun 13, 2023 | Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be u | ||
| CVE-2022-0087 | — | < 1.0.2 | 1.0.2 | Jan 11, 2022 | keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
- CVE-2023-34247Jun 13, 2023affected < 7.0.0fixed 7.0.0
Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be u
- CVE-2022-0087Jan 11, 2022affected < 1.0.2fixed 1.0.2
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')