Moderate severity · GHSA Advisory · Published May 17, 2021 · Updated Sep 16, 2024
Open Redirect
CVE-2021-23384
Description
The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlashes(), as the web server uses relative URLs instead of absolute URLs.
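The mechanism described above, as an added example that is not the package's own code: a redirect target produced by stripping the trailing slash still begins with `//`, and a browser resolves such a value as a scheme-relative URL on another host. The function names and the `trustedOrigin` parameter are hypothetical, and the hardened variant is one possible mitigation, not necessarily the change shipped in 2.0.2.

```javascript
// Added example: hypothetical helper names, constructed inputs.

// Naive behaviour: strip one trailing slash and redirect to the resulting
// relative reference. Returns null when no redirect is needed.
function naiveRedirectTarget(path, search = '') {
  if (path.length > 1 && path.endsWith('/')) {
    return path.slice(0, -1) + search;
  }
  return null;
}

// Hardened variant: collapse a leading run of slashes so the value can never
// start with "//", then emit an absolute URL on a configured origin.
// `trustedOrigin` is an assumption: it comes from server configuration,
// not from the request's Host header.
function safeRedirectTarget(trustedOrigin, path, search = '') {
  const target = naiveRedirectTarget(path, search);
  if (target === null) return null;
  return trustedOrigin + target.replace(/^\/+/, '/');
}

// Resolve a Location header value against the request URL, as a browser does.
function resolvedHost(location, requestUrl) {
  return new URL(location, requestUrl).host;
}

function demo() {
  const requestUrl = 'https://example.com//attacker.example/'; // URL from the advisory
  const path = new URL(requestUrl).pathname; // "//attacker.example/"
  const naive = naiveRedirectTarget(path);
  const safe = safeRedirectTarget('https://example.com', path);
  return {
    naive, naiveHost: resolvedHost(naive, requestUrl),
    safe, safeHost: resolvedHost(safe, requestUrl),
  };
}

console.log(demo());
```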
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| koa-remove-trailing-slashes (npm) | < 2.0.2 | 2.0.2 |
Affected products (2)
- Range: < 2.0.2