CVE-2021-42357

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-42357

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42357.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-42357

Aliases

GHSA-vv38-4xcj-q4rw

Published

2022-01-17T20:15:07.697Z

Modified

2026-03-19T12:44:42.398105Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign.

References

Affected packages

Git / github.com/apache/knox

Affected ranges

Type

GIT

Repo

https://github.com/apache/knox

Events

Introduced

Fixed

6060a757389b16f6fc8c6689503107d0c06a2f1d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.1"
        }
    ]
}

Affected versions

v0.*

v0.1.0-m1

v0.10.0-branch

v0.11.0-branch

v0.12.0-branch

v0.13.0-branch

v0.14.0-branch

v0.2.0-branch

v0.2.0-rc1

v0.2.0-rc2

v0.3.0-branch

v0.4.0-branch

v0.5.0-branch

v0.6.0-branch

v0.7.0-branch

v0.8.0-branch

v0.9.0-branch

v1.*

v1.0.0-branch

v1.1.0-branch

v1.2.0-branch

v1.3.0-branch

v1.4.0-branch

v1.5.0-branch

v1.6.0-RC1

v1.6.0-RC2

v1.6.0-RC3

v1.6.0-RC4

v1.6.0-release

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42357.json"