Versions of ecstatic
prior to 4.1.2, 3.3.2 or 2.2.2 are vulnerable to Open Redirect. The package fails to validate redirects, allowing attackers to craft requests that result in an HTTP 301
redirect to any other domains.
If using ecstatic
4.x, upgrade to 4.1.2 or later.
If using ecstatic
3.x, upgrade to 3.3.2 or later.
If using ecstatic
2.x, upgrade to 2.2.2 or later.