CVE-2021-32721
MEDIUM
PowerMux < 1.1.1 - Open Redirect via Trailing Slash Redirection
Title source: llm
Description
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker-crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.
References (1)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/AndrewBurian/powermux/security/advisories/GHSA-mj9r-wwm8-7q52
Scores
CVSS v3
4.7
EPSS
0.0061
EPSS Percentile
44.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (2)
AndrewBurian/powermux
0 - 1.1.1
Go
powermux_project/powermux
< 1.1.1
Published
Jun 29, 2021
Tracked Since
Feb 18, 2026