GHSA-mhxg-2xf7-4xwx

Suggest an improvement
Source
https://github.com/advisories/GHSA-mhxg-2xf7-4xwx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-mhxg-2xf7-4xwx/GHSA-mhxg-2xf7-4xwx.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-mhxg-2xf7-4xwx
Aliases
  • CVE-2022-47500
Published
2022-12-19T12:30:23Z
Modified
2023-11-01T05:00:30.973470Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Apache Helix UI vulnerable to Open Redirect
Details

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to and including 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue.

Database specific
{
    "nvd_published_at": "2022-12-19T11:15:00Z",
    "github_reviewed_at": "2022-12-19T18:22:50Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-601"
    ]
}
References

Affected packages

Maven / org.apache.helix:helix

Package

Name
org.apache.helix:helix
View open source insights on deps.dev
Purl
pkg:maven/org.apache.helix/helix

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.8.0
Fixed
1.1.0

Affected versions

0.*

0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9.0
0.9.0.1
0.9.1
0.9.4
0.9.7
0.9.8
0.9.9
0.9.10

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4