Open Redirect in ecstatic

Versions of ecstatic prior to 4.1.2, 3.3.2 or 2.2.2 are vulnerable to Open Redirect. The package fails to validate redirects, allowing attackers to craft requests that result in an HTTP 301 redirect to any other domains.

Recommendation

If using ecstatic 4.x, upgrade to 4.1.2 or later.
If using ecstatic 3.x, upgrade to 3.3.2 or later.
If using ecstatic 2.x, upgrade to 2.2.2 or later.