Description
Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.
Remediation
References
https://nodesecurity.io/advisories/60
Related Vulnerabilities
CVE-2022-41881 Vulnerability in maven package io.netty:netty-codec-haproxy
CVE-2016-6345 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.freemarker
CVE-2019-15782 Vulnerability in maven package org.webjars.npm:webtorrent
CVE-2019-1010266 Vulnerability in maven package org.webjars:lodash