Description
Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.
Remediation
References
https://nodesecurity.io/advisories/60
Related Vulnerabilities
CVE-2023-31826 Vulnerability in maven package org.skyscreamer:nevado-jms
CVE-2022-23539 Vulnerability in maven package org.webjars.npm:jsonwebtoken
CVE-2016-10608 Vulnerability in npm package robot-js
CVE-2022-27772 Vulnerability in maven package org.springframework.boot:spring-boot
CVE-2022-28157 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest