← volver
CVE-2021-32721

URL Redirection to Untrusted Site ('Open Redirect') in github.com/AndrewBurian/powermux

CVSS 4.7 MEDIUMEPSS 0.6%CWE-601
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 jun 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
AndrewBurian · powermux

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/AndrewBurian/powermux/security/advisories/GHSA-mj9r-wwm8-7q52