Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1taHhnLTJ4ZjctNHh3eM4AAwZ1
Apache Helix UI vulnerable to Open Redirect
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to and including 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue.
Permalink: https://github.com/advisories/GHSA-mhxg-2xf7-4xwxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1taHhnLTJ4ZjctNHh3eM4AAwZ1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-mhxg-2xf7-4xwx, CVE-2022-47500
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-47500
- https://lists.apache.org/thread/lr74xtxxbb1t3dfn5qzzwl2xjr3qlbmh
- https://github.com/advisories/GHSA-mhxg-2xf7-4xwx
Affected Packages
maven:org.apache.helix:helix
Dependent packages: 0Dependent repositories: 1
Downloads:
Affected Version Ranges: >= 0.8.0, < 1.1.0
Fixed in: 1.1.0
All affected versions: 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.9.0, 0.9.1, 0.9.4, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4
All unaffected versions: 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.7.1, 1.1.0, 1.2.0, 1.3.0, 1.3.1