Description
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
Remediation
References
https://security.netapp.com/advisory/ntap-20210401-0004/
https://securitylab.github.com/advisories/GHSL-2020-199-open-redirect-slashify
https://www.npmjs.com/package/slashify
Related Vulnerabilities
CVE-2020-28459 Vulnerability in npm package markdown-it-decorate
CVE-2023-37945 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2022-23712 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2019-10423 Vulnerability in maven package com.villagechief.codescan.jenkins:codescan