chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes
The RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect. We consider this a lower-severity open redirect, as it can't be exploited from browsers or email clients (requires manipulation of a Host header).