Description
A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268.
References (2)
Core 2
Core References
Patch, Third Party Advisory
https://github.com/mannyvergel/oils-js/commit/fad8fbae824a7d367dacb90d56cb02c5cb999d42
Third Party Advisory
https://vuldb.com/?id.216268
Scores
CVSS v3
6.3
EPSS
0.0037
EPSS Percentile
29.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (2)
npm/oils
0 - 8.0.0npm
oils-js_project/oils-js
< 2021-03-23
Published
Dec 19, 2022
Tracked Since
Feb 18, 2026