CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

RedhatCVE•added 2025/05/22 6:50 p.m.•5 views

CVE-2021-3189

The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...

6.1CVSS6.8AI score0.00122EPSS

Exploits1References1

Node.js•added 2021/02/23 2:32 a.m.•79 views

Open Redirect

Overview Slashify is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, ...

5.8CVSS6.5AI score0.00122EPSS

Exploits1Affected Software1

OSV•added 2021/02/19 11:15 p.m.•1 views

CVE-2021-3189

The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...

6.1CVSS6.3AI score

Exploits0References3

NVD•added 2021/02/19 11:15 p.m.•16 views

CVE-2021-3189

The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...

6.1CVSS0.00122EPSS

Exploits1References3

Prion•added 2021/02/19 11:15 p.m.•16 views

Open redirect

The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring...

5.8CVSS6.5AI score0.00122EPSS

Exploits1References3Affected Software1

CVE•added 2021/02/19 10:24 p.m.•85 views

CVE-2021-3189

CVE-2021-3189 affects the npm package slashify (version 1.0.0) for Node.js, which normalises routes but does not validate redirection targets. Exploitation involves open redirects (example: localhost:3000///example.com/ redirects to a different domain), enabling phishing-like redirects. Public ad...

6.1CVSS6.4AI score0.00122EPSS

Exploits1References3Affected Software1