← voltar
CVE-2021-32721

URL Redirection to Untrusted Site ('Open Redirect') in github.com/AndrewBurian/powermux

CVSS 4.7 MEDIUMEPSS 0.6%CWE-601
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 jun 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
AndrewBurian · powermux

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/AndrewBurian/powermux/security/advisories/GHSA-mj9r-wwm8-7q52