PT-2022-9402 · Karma · Karma

Unknown

Published

2022-02-25

Updated

2022-03-08

CVE-2021-23495

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions karma versions prior to 6.3.16

Description The issue is related to an Open Redirect vulnerability due to missing validation of the return url query parameter. This allows for potential redirection to unintended locations.

Recommendations For versions prior to 6.3.16, update to version 6.3.16 or later to resolve the issue. As a temporary workaround, consider validating the return url query parameter to ensure it points to an intended location within the application. Restrict access to the return url parameter in the affected API endpoint to minimize the risk of exploitation.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2021-23495

GHSA-RC3X-JF5G-XVC5

SNYK-JAVA-ORGWEBJARSNPM-2412347

SNYK-JS-KARMA-2396325

Affected Products

Karma

PT-2022-9402 · Karma · Karma

CVE-2021-23495

Weakness Enumeration

Related Identifiers

Affected Products

References · 9