CVE-2022-47500 – org.apache.helix:helix

Package

Manager: maven
Name: org.apache.helix:helix
Vulnerable Version: >=0.8.0 <1.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00808 pctl0.73316

Details

Apache Helix UI vulnerable to Open Redirect URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to and including 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue.

Metadata

Created: 2022-12-19T12:30:23Z
Modified: 2022-12-27T01:02:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-mhxg-2xf7-4xwx/GHSA-mhxg-2xf7-4xwx.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-mhxg-2xf7-4xwx
Finding: F156
Auto approve: 1