← Back to CVE List

CVE-2023-35948

Published: 2023-07-06T15:15Z
Last Modified: 2024-11-21T08:09Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt