Description
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
Remediation
References
https://www.npmjs.com/package/slashify
https://securitylab.github.com/advisories/GHSL-2020-199-open-redirect-slashify
https://security.netapp.com/advisory/ntap-20210401-0004/
Related Vulnerabilities
CVE-2021-32818 Vulnerability in npm package haml-coffee
CVE-2020-7630 Vulnerability in npm package git-add-remote
CVE-2023-1108 Vulnerability in maven package io.undertow:undertow-core
CVE-2021-43862 Vulnerability in npm package jquery.terminal
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webflux