CVE-2022-3145

URL Redirection to Untrusted Site ('Open Redirect') in npm/@okta/oidc-middleware

Identifiers

CVE-2022-3145, GHSA-58h4-9m7m-j9m4

Package Slug

npm/@okta/oidc-middleware

Vulnerability

URL Redirection to Untrusted Site ('Open Redirect')

Description

An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0, allowing an attacker to redirect a user to an arbitrary URL.

Affected Versions

All versions before 5.0.0

Solution

Upgrade to version 5.0.0 or above.

Last Modified

2023-01-23
