Open redirect in karma

Description

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

Repository: OpenNMS/alec-viz (https://github.com/OpenNMS/alec-viz)
Dependabot: https://github.com/OpenNMS/alec-viz/security/dependabot/6
CVE: CVE-2021-23495
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
GHSA: GHSA-rc3x-jf5g-xvc5
Severity: medium
Ecosystem: npm
Package Name: karma
Vulnerable Version Range: < 6.3.16
First Patched Version: 6.3.16

Created July 21, 2023 at 10:34 PM
Updated September 15, 2023 at 6:16 PM