OSV:GHSA-9Q64-MPXX-87FG (osv, Google)
History: Apr 01, 2020 - 4:35 p.m.

Open Redirect in ecstatic

2020-04-01 16:35:08
Google
osv.dev

EPSS: 0.001 (Low), percentile 42.5%

Versions of ecstatic prior to 4.1.2, 3.3.2 or 2.2.2 are vulnerable to Open Redirect. The package fails to validate redirects, allowing attackers to craft requests that result in an HTTP 301 redirect to any other domain.

Recommendation

If using ecstatic 4.x, upgrade to 4.1.2 or later.
If using ecstatic 3.x, upgrade to 3.3.2 or later.
If using ecstatic 2.x, upgrade to 2.2.2 or later.
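
An added example, not part of the advisory or the ecstatic project: a Node.js check that finds every installed copy of ecstatic in an npm lockfile, including nested transitive copies, and flags those below the patched releases listed above. The lockfile contents are constructed sample data, the function names and the `static-host` package are hypothetical, and treating majors below 2 as affected is an assumption drawn from the "prior to 2.2.2" wording.

```javascript
// Patched releases per major line, from the advisory's recommendation.
const FIXED = { 2: [2, 2, 2], 3: [3, 3, 2], 4: [4, 1, 2] };

// Compare two [major, minor, patch] triples: -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true = affected, false = patched, null = unparseable (review by hand).
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version).trim());
  if (!m) return null;
  const v = m.slice(1, 4).map(Number);
  const fixed = FIXED[v[0]];
  // Assumption: majors below 2 are "prior to 2.2.2"; majors above 4 postdate the fix.
  if (!fixed) return v[0] < 2;
  const c = cmp(v, fixed);
  // A prerelease of the fixed version (e.g. 4.1.2-rc.1) sorts before it.
  return c < 0 || (c === 0 && m[4] === "-");
}

// Collect every installed copy of ecstatic, including nested transitive ones.
function findEcstatic(lock) {
  const hits = new Map(); // keyed by install path, so v2 lockfiles are not double counted
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/ecstatic$/.test(path)) hits.set(path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "ecstatic") hits.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  })(lock.dependencies, "");
  return [...hits].map(([path, version]) => ({ path, version, affected: isAffected(version) }));
}

// Constructed sample lockfile (not real project data); "static-host" is hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: { "node_modules/ecstatic": { version: "3.3.1" },
    "node_modules/static-host/node_modules/ecstatic": { version: "4.1.2" } },
  dependencies: { ecstatic: { version: "3.3.1" },
    "static-host": { version: "1.0.0", dependencies: { ecstatic: { version: "4.1.2" } } } },
};
console.log(findEcstatic(SAMPLE_LOCK));
```

In practice, pass the parsed contents of the project's own `package-lock.json` to `findEcstatic` in place of `SAMPLE_LOCK`.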
