Vulnerability Details CVE-2021-3189
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- https://security.netapp.com/advisory/ntap-20210401-0004/
- https://securitylab.github.com/advisories/GHSL-2020-199-open-redirect-slashify
- https://www.npmjs.com/package/slashify
- https://security.netapp.com/advisory/ntap-20210401-0004/
- https://securitylab.github.com/advisories/GHSL-2020-199-open-redirect-slashify
- https://www.npmjs.com/package/slashify