Description

Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.

Remediation

References

https://nodesecurity.io/advisories/60

Related Vulnerabilities

CVE-2018-7408 Vulnerability in npm package npm

CVE-2014-3630 Vulnerability in maven package com.typesafe.akka:akka-http-xml-experimental_2.11

CVE-2019-1003083 Vulnerability in maven package org.jenkins-ci.plugins:gearman-plugin

CVE-2022-41340 Vulnerability in npm package @lionello/secp256k1-js

CVE-2022-25873 Vulnerability in maven package org.webjars.bowergithub.vuetifyjs:vuetify

Severity

High

Classification

CWE-255 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory