Description
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
Remediation
References
https://security.netapp.com/advisory/ntap-20210401-0004/
https://securitylab.github.com/advisories/GHSL-2020-199-open-redirect-slashify
https://www.npmjs.com/package/slashify
Related Vulnerabilities
CVE-2021-21619 Vulnerability in maven package org.jenkins-ci.plugins:claim
CVE-2022-36272 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2016-4438 Vulnerability in maven package org.apache.struts:struts2-rest-plugin
CVE-2018-3739 Vulnerability in maven package org.webjars.npm:https-proxy-agent
CVE-2017-16137 Vulnerability in maven package org.webjars.npm:debug