12 matches found
CVE-2021-3189
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...
Open Redirect
Overview: Slashify is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, ...
CVE-2021-3189
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...
CVE-2021-3189
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...
Open redirect
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...
CVE-2021-3189
CVE-2021-3189 affects the npm package slashify (version 1.0.0) for Node.js, which normalises routes but does not validate redirection targets. Exploitation involves open redirects (example: localhost:3000///example.com/ redirects to a different domain), enabling phishing-like redirects. Public ad...
CVE-2021-3189
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...
Npm slashify input validation error vulnerability
Npm slashify is an application from the US Npm community. It is provided for handling trailing slashes with options. An input validation error vulnerability exists in Npm slashify. The vulnerability stems from a web-based system or product that does not properly validate input data, which could...
Open Redirection
slashify is vulnerable to open redirect. Visiting the URL ///github.com/ redirects the user to https://github.com...
GHSA-F4HQ-453J-P95F Open redirect in Slashify
The package is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, or a...
Open redirect in Slashify
The package is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, or a...
docpress (>=0.1.0 <=0.5.5), metalsmith-start (>=0.6.0 <=1.3.4) +1 more potentially affected by CVE-2021-3189 via slashify (>=0.1.0 <=1.0.0)
slashify NPM version =0.1.0, =0.1.0, =0.6.0, =0.13.3, =1.2.3 Source cves: CVE-2021-3189 Source advisory: OSV:GHSA-F4HQ-453J-P95F...