Open Redirect Affecting keystone package, versions >=0.2.7 <0.3.6


Severity

medium (Snyk recommended score; CVSS assessment made by Snyk's Security Team)

  • Snyk ID npm:keystone:20140316
  • published 21 Mar 2017
  • disclosed 15 Mar 2014
  • credit Oliver Jenkins

Introduced: 15 Mar 2014

CVE: not available. CWE-601

How to fix?

Upgrade keystone to version 0.3.6 or higher.

Overview

keystone is a Web Application Framework and Admin GUI / Content Management System built on Express.js and Mongoose. Affected versions of the package are vulnerable to an open redirect, which occurs when a vulnerable web page redirects the user to an untrusted, malicious page that may compromise the user. Open redirect attacks usually accompany a phishing attack, because the crafted link still points at the original, trusted site, which increases the likelihood that the phishing attempt succeeds.
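The mitigation for CWE-601 is to never pass a user-controlled value straight to the redirect and instead confine the target to the application's own origin. The following is an added example written for this page, not keystone's own code: it shows an Express-style handler that redirects to a `next` query parameter unchecked, next to a hardened version that resolves the value against an assumed site origin (`https://example.com`) and only re-emits the same-origin path, query and fragment. Protocol-relative (`//host`), absolute, backslash-prefixed and `javascript:` targets all resolve to a different origin and fall back to `/`. The handler names and the `res` stub are constructed for illustration; the logic needs only Node's built-in WHATWG `URL`.

```javascript
// Added example (not keystone's code): safe vs. unsafe handling of a redirect target.
// Assumption: the application is served from this origin.
const SITE_ORIGIN = 'https://example.com';

// Vulnerable form (the pattern behind CWE-601): whatever the client supplied
// in ?next=... becomes the Location header, so an attacker-crafted link on
// the trusted domain can send the user anywhere.
function unsafeRedirectHandler(req, res) {
  res.redirect(req.query.next || '/');
}

// Hardened form: accept only targets that resolve to our own origin and
// return them as a relative URL, so no host or scheme from the input survives.
function safeRedirectTarget(raw, fallback = '/') {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;
  let parsed;
  try {
    // A relative path resolves against SITE_ORIGIN; an absolute URL,
    // a protocol-relative "//host" or a "/\host" keeps its own origin.
    parsed = new URL(raw, SITE_ORIGIN);
  } catch {
    return fallback;
  }
  if (parsed.origin !== new URL(SITE_ORIGIN).origin) return fallback;
  // Re-emit path + query + fragment only; the origin is implied.
  return parsed.pathname + parsed.search + parsed.hash;
}

function safeRedirectHandler(req, res) {
  res.redirect(safeRedirectTarget(req.query.next, '/'));
}

// Minimal stand-in for an Express response object (constructed for this
// example) so the handlers can be exercised without a running server.
function makeResponseStub() {
  const stub = { location: null };
  stub.redirect = (target) => { stub.location = target; };
  return stub;
}

// Runs both handlers on the same request and reports where each would send the user.
function compareHandlers(next) {
  const req = { query: { next } };
  const unsafe = makeResponseStub();
  const safe = makeResponseStub();
  unsafeRedirectHandler(req, unsafe);
  safeRedirectHandler(req, safe);
  return { unsafe: unsafe.location, safe: safe.location };
}
```

In practice the allow-list check belongs in one shared helper that every login, logout and "return to" flow calls, so a new route cannot reintroduce the unchecked `res.redirect`.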

CVSS Scores

CVSS v3.1 (Snyk, recommended): 6.5 medium

  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): Required
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): None
  • Availability (A): None