Open Redirect in apostrophe

GHSA-h97g-4mx7-5p2p

Published Sep 3, 2020 · Modified Sep 28, 2021

Description

Versions of apostrophe prior to 2.92.0 are vulnerable to Open Redirect. The package redirected requests to third-party websites if escaped URLs followed by a trailing / were appended at the end.

Recommendation

Update to version 2.92.0 or later.

References

WEB https://github.com/apostrophecms/apostrophe/commit/1eba144bb82bd43dab72ce36cfbd593361b6d9b7
PACKAGE https://github.com/apostrophecms/apostrophe
WEB https://snyk.io/vuln/SNYK-JS-APOSTROPHE-451089
WEB https://www.npmjs.com/advisories/1029

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes