org.apache.sling.auth.core is vulnerable to unvalidated redirection attacks. The vulnerability exists due to the lack validation of user input from the Sling login form which allows an attacker to send victims credentials.
CPE | Name | Operator | Version |
---|---|---|---|
apache sling auth core | le | 1.4.0 |