Open redirect in karma

Description

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
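The bug class above, a redirect target taken straight from a query parameter, is usually fixed by never echoing the raw parameter and instead resolving it against the application's own origin and keeping only a same-origin path. The following is an added example written for this page, not karma's code and not its actual fix; `TRUSTED_ORIGIN` is a constructed assumption, and `weakReturnUrl` is shown only to contrast the insufficient "starts with a slash" check with the hardened one.

```javascript
// Added example for this advisory: validating a "return_url"-style parameter
// so it can only ever send the browser to a same-origin path. Not karma's code.

// Origin the server considers its own (assumption for this example).
const TRUSTED_ORIGIN = 'http://localhost:9876';

// Weak check, for contrast: a leading "/" says nothing about where the
// browser ends up, because "//host" and "/\host" are absolute to a browser.
function weakReturnUrl(candidate) {
  return candidate.startsWith('/') ? candidate : '/';
}

// Hardened check: parse the candidate relative to the trusted origin with the
// WHATWG URL parser (global URL in Node), require the resulting origin to match,
// and re-serialise only path + query + fragment from the parsed parts.
function safeReturnUrl(candidate, origin = TRUSTED_ORIGIN) {
  if (typeof candidate !== 'string' || candidate.length === 0) return '/';
  let parsed;
  try {
    parsed = new URL(candidate, origin);
  } catch {
    return '/'; // unparseable input falls back to the site root
  }
  if (parsed.origin !== new URL(origin).origin) return '/';
  // Rebuilding from parsed components means backslashes, doubled slashes and
  // scheme tricks never reach the Location header unchanged.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Constructed inputs showing the difference between the two checks.
const samples = [
  '/__karma__/?foo=1',            // legitimate relative path
  '//evil.example/x',              // protocol-relative: different host
  '/\\evil.example',               // backslash variant browsers treat as "//"
  'http://localhost:9876/client/', // absolute but same origin
  'https://localhost:9876/',       // same host, different scheme => different origin
  'javascript:alert(1)',           // non-http scheme
];
for (const s of samples) {
  console.log(JSON.stringify(s), '=> weak:', JSON.stringify(weakReturnUrl(s)),
              'safe:', JSON.stringify(safeReturnUrl(s)));
}

module.exports = { weakReturnUrl, safeReturnUrl, TRUSTED_ORIGIN };
```

The origin comparison is what does the work: `new URL('//evil.example/x', 'http://localhost:9876')` resolves to `http://evil.example`, and the WHATWG parser also turns `/\evil.example` into an authority, so both are rejected rather than passed through, while a same-origin absolute URL is reduced to its path.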

Repository: OpenNMS/newts (https://github.com/OpenNMS/newts)
Dependabot: https://github.com/OpenNMS/newts/security/dependabot/45
CVE: CVE-2021-23495
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
GHSA: GHSA-rc3x-jf5g-xvc5
Severity: medium
Ecosystem: npm
Package Name: karma
Vulnerable Version Range: < 6.3.16
First Patched Version: 6.3.16

Created July 19, 2023 at 12:45 PM
Updated July 19, 2023 at 12:45 PM