How severe is CVE-2023-34247?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.1 out of 10.

What type of vulnerability is CVE-2023-34247?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2023-34247 - MEDIUM Severity | CVSS 4.1

Vulnerability Description

Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package.

Related Vulnerabilities

CVE-2024-32078

MEDIUM

CVSS:4.1(Medium)

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212.

CWE-6012024

CVE-2025-30164

MEDIUM

CVSS:4.1(Medium)

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL t...

CWE-6012025

CVE-2019-11269

MEDIUM

CVSS:4.2(Medium)

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector att...

CWE-6012019

CVE-2022-1230

LOW

CVSS:3.9(Low)

This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-p...

CWE-6012022

CVE-2018-11784

MEDIUM

CVSS:4.3(Medium)

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/fo...

CWE-6012018

CVE-2018-5304

MEDIUM

CVSS:4.3(Medium)

An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web applic...

CWE-6012018