AnonymousNODEJS:1622Open Redirect
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
Overview
Slashify is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes (or two backslashes, or a slash and a backslash, etc.) it may redirect to a different domain.
Consider the example from the docs. Assume we have run it and started a server on localhost:3000, then visiting localhost:3000///github.com/ redirects you to https://github.com.
Recommendation
This vulnerability is currently un-patched in the slashify package so there is no known safe version of this package. Discontinuing use of slashify is recommended.
References
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N