First published: Mon Dec 19 2022(Updated: )
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue.
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Helix | >=0.8.0<=1.0.4 | |
>=0.8.0<=1.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-47500.
The severity of CVE-2022-47500 is medium.
The affected software for CVE-2022-47500 is Apache Helix versions 0.8.0 to 1.0.4.
CVE-2022-47500 allows for URL redirection to untrusted sites, posing a risk to the integrity and security of the Apache Helix UI component.
The recommended solution for CVE-2022-47500 is to remove the forward component since it was improperly designed for UI embedding, and to upgrade to a version that is not affected by the vulnerability.