Severity: MEDIUM

GHSA-h97g-4mx7-5p2p

Open Redirect in apostrophe

## Details

Versions of `apostrophe` prior to 2.92.0 are vulnerable to Open Redirect. The package redirected requests to third-party websites if escaped URLs followed by a trailing `/` were appended at the end.

## Recommendation

Update to version 2.92.0 or later.

## Affected packages

npm / apostrophe
Introduced in: 0
Fixed in: 2.92.0
Fix: `npm install apostrophe@2.92.0`
