Open Redirect in hekto · CVE-2018-3743 · GitHub Advisory Database · GitHub

Open Redirect in hekto

Moderate severity GitHub Reviewed Published Jul 18, 2018 to the GitHub Advisory Database • Updated Jan 31, 2023

Package

hekto (npm)

Affected versions

< 0.2.4

Patched versions

0.2.4

Description

Versions of hekto before 0.2.4 are vulnerable to open redirect when a domain name is used as part of the .html filename.

Recommendation

Update to version 0.2.4 or later.

References

Published by the National Vulnerability Database

Jun 1, 2018

Published to the GitHub Advisory Database Jul 18, 2018

Reviewed Jun 16, 2020

Last updated Jan 31, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N