GHSA-r773-pmw3-f4mr

Опубликовано: 10 фев. 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Open Redirect in koa-remove-trailing-slashes

The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlashes(), as the web server uses relative URLs instead of absolute URLs.

Ссылки

Пакеты

Наименование

koa-remove-trailing-slashes

npm

Затронутые версииВерсия исправления

< 2.0.2

2.0.2

EPSS

Процентиль: 43%

0.00207

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2021-23384

Дефекты

CWE-601

Связанные уязвимости

CVE-2021-23384

CVSS3: 5.4

nvd

больше 4 лет назад

The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlashes(), as the web server uses relative URLs instead of absolute URLs.

EPSS

Процентиль: 43%

0.00207

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2021-23384

Дефекты

CWE-601