Description
Open Redirect in apostrophe
Versions of apostrophe prior to 2.92.0 are vulnerable to Open Redirect. The package redirected requests to third-party websites if escaped URLs followed by a trailing / were appended at the end.
Recommendation
Update to version 2.92.0 or later.
Packages
Name: apostrophe (npm)
Affected versions: < 2.92.0
Fixed version: 2.92.0
Weaknesses
CWE-601