blob: ac3729df9226ab1cef803513e69142a1339e8fb5 [file] [log] [blame]
id: GO-2021-0237
modules:
- module: github.com/AndrewBurian/powermux
versions:
- fixed: 1.1.1
vulnerable_at: 1.1.0
packages:
- package: github.com/AndrewBurian/powermux
symbols:
- Route.execute
derived_symbols:
- ServeMux.Handler
- ServeMux.HandlerAndMiddleware
- ServeMux.ServeHTTP
summary: Open redirect in github.com/AndrewBurian/powermux
description: |-
Attackers may be able to craft phishing links and other open redirects by
exploiting PowerMux's trailing slash redirection feature. This may lead to users
being redirected to untrusted sites after following an attacker crafted link.
published: 2022-01-11T17:18:11Z
cves:
- CVE-2021-32721
ghsas:
- GHSA-mj9r-wwm8-7q52
references:
- fix: https://github.com/AndrewBurian/powermux/pull/42
- fix: https://github.com/AndrewBurian/powermux/commit/5e60a8a0372b35a898796c2697c40e8daabed8e9
review_status: REVIEWED