CVE-2015-9240: Authentication Weakness in keystone

June 7, 2018 (updated August 31, 2021)

Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.

References

github.com/advisories/GHSA-39pj-gq8q-9pfj
nodesecurity.io/advisories/60
nvd.nist.gov/vuln/detail/CVE-2015-9240
www.npmjs.com/advisories/60
www.npmjs.com/package/keystone

Code Behaviors & Features

Detect and mitigate CVE-2015-9240 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →