3 matches found
CVE-2021-3829
openwhyd is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3829 Open Redirect in openwhyd/openwhyd
openwhyd is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3829
Open Redirect in openwhyd/openwhyd (CVE-2021-3829) is caused by an unsafe redirect implementation in consent handling. The code added a safeRedirect() that uses new URL(url, config.urlPrefix) and then compares fullURL.toString() to config.urlPrefix, which relies on the default URL() behavior (hre...