GO-2021-0237

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2021-0237

Import Source

https://vuln.go.dev/ID/GO-2021-0237.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2021-0237

Aliases

Published

2022-01-11T17:18:11Z

Modified

2024-05-20T16:03:47Z

Summary

Open redirect in github.com/AndrewBurian/powermux

Details

Attackers may be able to craft phishing links and other open redirects by exploiting PowerMux's trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link.

Database specific

{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2021-0237"
}

References

Affected packages

Go / github.com/AndrewBurian/powermux

Package

Name: github.com/AndrewBurian/powermux; View open source insights on deps.dev
Purl: pkg:golang/github.com/AndrewBurian/powermux

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/AndrewBurian/powermux",
            "symbols": [
                "Route.execute",
                "ServeMux.Handler",
                "ServeMux.HandlerAndMiddleware",
                "ServeMux.ServeHTTP"
            ]
        }
    ]
}