GHSA-59fq-727j-hm3f

Source
https://github.com/advisories/GHSA-59fq-727j-hm3f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-59fq-727j-hm3f/GHSA-59fq-727j-hm3f.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-59fq-727j-hm3f
Aliases
Published
2023-03-02T23:21:02Z
Modified
2023-11-08T04:08:12.422193Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
keycloak-connect contains an open redirect vulnerability in the Node.js adapter
Details

There is an Open Redirect vulnerability in the Node.js adapter when forwarding requests to Keycloak using checkSSO with query param prompt=none.

Database specific
{
    "nvd_published_at": "2023-03-27T22:15:00Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2023-03-02T23:21:02Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-601"
    ]
}
References

Affected packages

npm / keycloak-connect

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
21.0.1