CVE-2021-23495: Open Redirect in org.webjars.npm:karma | Snyk
Versions of the package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter.
snyk-id: SNYK-JAVA-ORGWEBJARSNPM-2412347
published: 23 Feb 2022
disclosed: 9 Feb 2022
credit: unknown
How to fix?
There is no fixed version for org.webjars.npm:karma.
Overview
org.webjars.npm:karma is a simple tool that allows you to execute JavaScript code in multiple real browsers.
Affected versions of this package are vulnerable to Open Redirect due to missing validation of the return_url query parameter.
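The kind of validation the advisory describes as missing, shown as an added example; it is not code from Karma or from this advisory. The names safeReturnUrl and ALLOWED_PROTOCOLS, the sample origin and the sample query strings are constructed for illustration.

```javascript
// Added example: validate a return_url query parameter before redirecting.
// ALLOWED_PROTOCOLS and safeReturnUrl are hypothetical names for this sketch.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

/**
 * Returns a normalized same-origin URL string taken from the return_url
 * parameter of `query`, or null when the parameter is absent or unsafe.
 */
function safeReturnUrl(query, pageOrigin) {
  const raw = new URLSearchParams(query).get('return_url');
  if (raw === null || raw.trim() === '') return null;

  let target;
  try {
    // Resolve the way a browser would, so "//host" and "/\host" are seen
    // as the cross-origin URLs they become.
    target = new URL(raw, pageOrigin);
  } catch (err) {
    return null; // unparsable value
  }

  if (!ALLOWED_PROTOCOLS.has(target.protocol)) return null; // javascript:, data:, ...
  if (target.origin !== new URL(pageOrigin).origin) return null; // off-site
  return target.href;
}

// Constructed sample inputs (not taken from the advisory).
const ORIGIN = 'http://localhost:9876';
const samples = [
  '?return_url=/context.html',
  '?return_url=http://localhost:9876/done?x=1',
  '?return_url=https://attacker.example/login',
  '?return_url=//attacker.example/',
  '?return_url=/%5Cattacker.example/',
  '?return_url=javascript:alert(1)',
  '?id=1',
];
for (const q of samples) {
  console.log(q, '->', safeReturnUrl(q, ORIGIN));
}
```

Comparing origins after parsing, rather than matching the raw string against a prefix, is what rejects the protocol-relative and backslash forms.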