GHSA-FR3W-2P22-6W7P URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Summary The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL https://docs.directus.io/reference/authentication.htmllogin-using-sso-providers /auth/login/google?redirect for example. Details There's a...