| { |
| "schema_version": "1.3.1", |
| "id": "GO-2021-0237", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "2022-01-11T17:18:11Z", |
| "aliases": [ |
| "CVE-2021-32721", |
| "GHSA-mj9r-wwm8-7q52" |
| ], |
| "summary": "Open redirect in github.com/AndrewBurian/powermux", |
| "details": "Attackers may be able to craft phishing links and other open redirects by exploiting PowerMux's trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link.", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/AndrewBurian/powermux", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "1.1.1" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/AndrewBurian/powermux", |
| "symbols": [ |
| "Route.execute", |
| "ServeMux.Handler", |
| "ServeMux.HandlerAndMiddleware", |
| "ServeMux.ServeHTTP" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "FIX", |
| "url": "https://github.com/AndrewBurian/powermux/pull/42" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/AndrewBurian/powermux/commit/5e60a8a0372b35a898796c2697c40e8daabed8e9" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2021-0237" |
| } |
| } |