commit 6d77399a5191be303f7808ed157722946302a8d4
author Damien Neil <dneil@google.com> Mon Jan 10 16:03:06 2022 -0800
committer Damien Neil <dneil@google.com> Tue Jan 11 17:18:11 2022 +0000
tree f3245288e9f08d7b12ac6dcc2841f673cc68e419
parent 10399a98ef46620da685e8e7965d02dcba3a743f

reports: add GO-2021-0237.yaml for CVE-2021-32721

Fixes golang/vulndb#237

Change-Id: I39fef7be19038482937624d60d2b804bd26a2e69
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/377575
Trust: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>

reports/GO-2021-0237.yaml

diff --git a/reports/GO-2021-0237.yaml b/reports/GO-2021-0237.yaml
new file mode 100644
index 0000000..6d87ac9
--- /dev/null
+++ b/reports/GO-2021-0237.yaml
@@ -0,0 +1,17 @@
+module: github.com/AndrewBurian/powermux
+versions:
+- fixed: v1.1.1
+description: |
+  Attackers may be able to craft phishing links and other open
+  redirects by exploiting PowerMux's trailing slash redirection
+  feature.  This may lead to users being redirected to untrusted
+  sites after following an attacker crafted link.
+cves:
+- CVE-2021-32721
+symbols:
+- Route.execute
+links:
+  pr: https://github.com/AndrewBurian/powermux/pull/42
+  commit: https://github.com/AndrewBurian/powermux/commit/5e60a8a0372b35a898796c2697c40e8daabed8e9
+  context:
+  - https://github.com/AndrewBurian/powermux/security/advisories/GHSA-mj9r-wwm8-7q52