CVE-2021-3189: URL Redirection to Untrusted Site (Open Redirect)

February 19, 2021 (updated May 23, 2022)

The slashify package for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.

References

nvd.nist.gov/vuln/detail/CVE-2021-3189

Detect and mitigate CVE-2021-3189 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →