Open Redirect in apostrophe

Severity:: Medium

Description

Versions of apostrophe prior to 2.92.0 are vulnerable to Open Redirect. The package redirected requests to third-party websites if escaped URLs followed by a trailing / were appended at the end.

Recommendation

Update the apostrophe package to the latest compatible version. Followings are version details:

Affected version(s): < 2.92.0
Patched version(s): 2.92.0

References

GHSA-h97g-4mx7-5p2p
snyk.io
www.npmjs.com
CWE-601
OWASP 2021-A1

Related Issues

DOMPurify Open Redirect vulnerability - CVE-2019-25155
Open redirect in karma - CVE-2021-23495
Apostrophe CMS Insufficient Session Expiration vulnerability - CVE-2021-25979
Open redirect in @auth0/nextjs-auth0 - CVE-2021-43812

These 7 PHP mistakes leave your website open to the hackers

10 Secure Coding Best Practices to Follow in Every Project

Update Cheat Sheet for Developers

Tags:: npm; apostrophe

Anything's wrong? Let us know Last updated on January 09, 2023