CVE-2022-47500: Apache Helix: Open redirect
First published: Mon Dec 19 2022(Updated: )
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Helix | >=0.8.0<=1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-47500.
What is the severity of CVE-2022-47500?
The severity of CVE-2022-47500 is medium.
What is the affected software for CVE-2022-47500?
The affected software for CVE-2022-47500 is Apache Helix versions 0.8.0 to 1.0.4.
How does CVE-2022-47500 impact the Apache Helix UI component?
CVE-2022-47500 allows for URL redirection to untrusted sites, posing a risk to the integrity and security of the Apache Helix UI component.
What is the recommended solution for CVE-2022-47500?
The recommended solution for CVE-2022-47500 is to remove the forward component since it was improperly designed for UI embedding, and to upgrade to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/apache
- canonical/apache helix
- version/apache helix/0.8.0
- version/apache helix/1.0.4