2 matches found
@aftonbladet/roc-package-web-app-gaea (>=0.1.0 <=0.4.1), roc-package-web-app (>=1.0.0 <=1.0.1) +4 more potentially affected by CVE-2021-23384 via koa-remove-trailing-slashes (=1.0.0)
koa-remove-trailing-slashes NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on koa-remove-trailing-slashes and may be impacted: - @aftonbladet/roc-package-web-app-gaea =0.1.0, =1.0.0, =1.0.0-alpha.1, =1.0.0, =1.0.0-alpha.1, =1.0.0-beta5...
CVE-2021-23384
The CVE-2021-23384 entry concerns the npm package koa-remove-trailing-slashes (versions before 2.0.2). The vulnerability is an Open Redirect caused by the use of trailing double slashes in the URL within the function removeTrailingSlashes() (index.js) where the server uses relative URLs. This can...