漏洞标题
GitHub上的'Open Redirect'(未受信任站点的URL重定向)问题,项目位于github.com/AndrewBurian/powermux
漏洞描述信息
GitHub 上的开源重定向至不受信站点 (Open Redirect):github.com/AndrewBurian/powermux
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
URL Redirection to Untrusted Site ('Open Redirect') in github.com/AndrewBurian/powermux
漏洞描述信息
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
指向未可信站点的URL重定向(开放重定向)
漏洞标题
PowerMux 输入验证错误漏洞
漏洞描述信息
PowerMux是一个应用软件。http.ServeMux具有所有缺失功能的Go 的替代品。 PowerMux 1.1.1之前版本存在安全漏洞,攻击者能够通过利用尾部斜杠重定向功能来制作网络钓鱼链接和其他开放重定向。
CVSS信息
N/A
漏洞类别
输入验证错误