CVE-2021-32721

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32721

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32721.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32721

Aliases

Related

GHSA-mj9r-wwm8-7q52

Published

2021-06-29T19:15:09Z

Modified

2025-01-14T09:14:44.520045Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.

References

https://github.com/AndrewBurian/powermux/security/advisories/GHSA-mj9r-wwm8-7q52

Affected packages

Git / github.com/andrewburian/powermux

Affected ranges

Type: GIT
Repo: https://github.com/andrewburian/powermux
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0412e281c13d712cef2de065f820dd083f6925b0

Affected versions

v1.*

v1.0.0

v1.1.0