data/reports/GO-2021-0237.yaml - vulndb - Git at Google

 id: GO-2021-0237
 modules:
   - module: github.com/AndrewBurian/powermux
     versions:
       - fixed: 1.1.1
     vulnerable_at: 1.1.0
     packages:
       - package: github.com/AndrewBurian/powermux
         symbols:
           - Route.execute
         derived_symbols:
           - ServeMux.Handler
           - ServeMux.HandlerAndMiddleware
           - ServeMux.ServeHTTP
 summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |
     Attackers may be able to craft phishing links and other open
     redirects by exploiting PowerMux's trailing slash redirection
     feature.  This may lead to users being redirected to untrusted
     sites after following an attacker crafted link.
 published: 2022-01-11T17:18:11Z
 cves:
   - CVE-2021-32721
 ghsas:
   - GHSA-mj9r-wwm8-7q52
 references:
   - fix: https://github.com/AndrewBurian/powermux/pull/42
   - fix: https://github.com/AndrewBurian/powermux/commit/5e60a8a0372b35a898796c2697c40e8daabed8e9
	id: GO-2021-0237
	modules:
	- module: github.com/AndrewBurian/powermux
	versions:
	- fixed: 1.1.1
	vulnerable_at: 1.1.0
	packages:
	- package: github.com/AndrewBurian/powermux
	symbols:
	- Route.execute
	derived_symbols:
	- ServeMux.Handler
	- ServeMux.HandlerAndMiddleware
	- ServeMux.ServeHTTP
	summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
	description: \|
	Attackers may be able to craft phishing links and other open
	redirects by exploiting PowerMux's trailing slash redirection
	feature. This may lead to users being redirected to untrusted
	sites after following an attacker crafted link.
	published: 2022-01-11T17:18:11Z
	cves:
	- CVE-2021-32721
	ghsas:
	- GHSA-mj9r-wwm8-7q52
	references:
	- fix: https://github.com/AndrewBurian/powermux/pull/42
	- fix: https://github.com/AndrewBurian/powermux/commit/5e60a8a0372b35a898796c2697c40e8daabed8e9