data/reports/GO-2021-0237.yaml - vulndb - Git at Google

 id: GO-2021-0237
 modules:
     - module: github.com/AndrewBurian/powermux
       versions:
         - fixed: 1.1.1
       vulnerable_at: 1.1.0
       packages:
         - package: github.com/AndrewBurian/powermux
           symbols:
             - Route.execute
           derived_symbols:
             - ServeMux.Handler
             - ServeMux.HandlerAndMiddleware
             - ServeMux.ServeHTTP
 summary: Open redirect in github.com/AndrewBurian/powermux
 description: |-
     Attackers may be able to craft phishing links and other open redirects by
     exploiting PowerMux's trailing slash redirection feature. This may lead to users
     being redirected to untrusted sites after following an attacker crafted link.
 published: 2022-01-11T17:18:11Z
 cves:
     - CVE-2021-32721
 ghsas:
     - GHSA-mj9r-wwm8-7q52
 references:
     - fix: https://github.com/AndrewBurian/powermux/pull/42
     - fix: https://github.com/AndrewBurian/powermux/commit/5e60a8a0372b35a898796c2697c40e8daabed8e9
	id: GO-2021-0237
	modules:
	- module: github.com/AndrewBurian/powermux
	versions:
	- fixed: 1.1.1
	vulnerable_at: 1.1.0
	packages:
	- package: github.com/AndrewBurian/powermux
	symbols:
	- Route.execute
	derived_symbols:
	- ServeMux.Handler
	- ServeMux.HandlerAndMiddleware
	- ServeMux.ServeHTTP
	summary: Open redirect in github.com/AndrewBurian/powermux
	description: \|-
	Attackers may be able to craft phishing links and other open redirects by
	exploiting PowerMux's trailing slash redirection feature. This may lead to users
	being redirected to untrusted sites after following an attacker crafted link.
	published: 2022-01-11T17:18:11Z
	cves:
	- CVE-2021-32721
	ghsas:
	- GHSA-mj9r-wwm8-7q52
	references:
	- fix: https://github.com/AndrewBurian/powermux/pull/42
	- fix: https://github.com/AndrewBurian/powermux/commit/5e60a8a0372b35a898796c2697c40e8daabed8e9