oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2022-47500: Apache Helix: Open redirect

From: Junkai Xue <jxue () apache org>
Date: Fri, 16 Dec 2022 22:38:23 +0000
Severity: low

Description:

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI 
component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4.



Solution: removed the the forward component since it was improper designed for UI embedding.

 User please upgrade to 1.1.0 to fix this issue.

Credit:

This issue was discovered by Everardo Padilla Saca (reporter)

References:

https://helix.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-47500
Previous By Date Next
Previous By Thread Next

Current thread: