exploitDog

CVE-2021-3189

Опубликовано: 19 фев. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.

Ссылки

https://security.netapp.com/advisory/ntap-20210401-0004/
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2020-199-open-redirect-slashify
Exploit
Third Party Advisory
https://www.npmjs.com/package/slashify
Product
https://security.netapp.com/advisory/ntap-20210401-0004/
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2020-199-open-redirect-slashify
Exploit
Third Party Advisory
https://www.npmjs.com/package/slashify
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:slashify:1.0.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 52%

0.00289

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-f4hq-453j-p95f

CVSS3: 6.1

github

около 5 лет назад

Open redirect in Slashify

EPSS

Процентиль: 52%

0.00289

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601