npm package
karma
pkg:npm/karma
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-23495 | — | < 6.3.16 | 6.3.16 | Feb 25, 2022 | The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter. | ||
| CVE-2022-0437 | — | < 6.3.14 | 6.3.14 | Feb 5, 2022 | Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. |
- CVE-2021-23495Feb 25, 2022affected < 6.3.16fixed 6.3.16
The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter.
- CVE-2022-0437Feb 5, 2022affected < 6.3.14fixed 6.3.14
Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.