CVE-2021-23401: URL Redirection to Untrusted Site (Open Redirect)
(updated )
When using the make_safe_url
function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes.
References
Detect and mitigate CVE-2021-23401 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →