CVE-2021-3189
MEDIUMslashify 1.0.0 - Open Redirect via Malformed URL Path
Title source: llmDescription
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
References (3)
Core 3
Core References
Product x_refsource_misc
https://www.npmjs.com/package/slashify
Exploit, Third Party Advisory x_refsource_misc
https://securitylab.github.com/advisories/GHSL-2020-199-open-redirect-slashify
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210401-0004/
Scores
CVSS v3
6.1
EPSS
0.0053
EPSS Percentile
40.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (2)
google/slashify
1.0.0
npm/slashify
0npm
Published
Feb 19, 2021
Tracked Since
Feb 18, 2026