Open Redirect

2018-08-02T15:03:38
ID NODEJS:678
Type nodejs
Reporter Ahmed
Modified 2018-08-02T15:03:38

Description

Overview

Versions of url-parse before 1.4.3 returns the wrong hostname which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities.

Recommendation

Update to version 1.4.3 or later.

References