CVE-2023-34247

CVSS 3.1 Score 4.1 of 10 (medium)

Details

Published Jun 13, 2023
Updated: Jun 23, 2023
CWE ID 601

Summary

CVE-2023-34247 is a vulnerability affecting the `@keystone-6/auth` package, used in Keystone, a Node.js content management system. Versions 7.0.0 and older of this package contain an open redirect vulnerability: the `/` filter in the redirect function can be bypassed, allowing users to be redirected to domains other than the intended one. Attackers could use this to redirect users to malicious sites. Users can mitigate this vulnerability by applying the patch from pull request 8626 or by avoiding the use of the `@keystone-6/auth` package.
