Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
21 Mar 2017
15 Mar 2014
Introduced: 15 Mar 2014CWE-601 Open this link in a new tab
How to fix?
keystone to version 0.3.6 or higher.
keystone is a Web Application Framework and Admin GUI / Content Management System built on Express.js and Mongoose.
Affected versions of the package are vulnerable to Open redirection which occurs when a vulnerable web page is redirected to an untrusted and malicious page that may compromise the user. Open redirection attacks usually come with a phishing attack because the modified vulnerable link is identical to the original site, which increases the likelihood of success for the phishing attack.