oss-sec mailing list archives
CVE-2022-47500: Apache Helix: Open redirect
From: Junkai Xue <jxue () apache org>
Date: Fri, 16 Dec 2022 22:38:23 +0000
Severity: low Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue. Credit: This issue was discovered by Everardo Padilla Saca (reporter) References: https://helix.apache.org/ https://www.cve.org/CVERecord?id=CVE-2022-47500
Current thread:
- CVE-2022-47500: Apache Helix: Open redirect Junkai Xue (Dec 16)