x/vulndb: potential Go vuln in github.com/bunkerity/bunkerweb: CVE-2024-53264

[GoVulnBot]

Advisory CVE-2024-53264 references a vulnerability in the following Go modules:

Module
github.com/bunkerity/bunkerweb

Description: bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated "next" parameter for redirects. Ex. visiting: /loading?next=https://google.com while authenticated will cause the page will redirect to google.com. This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites. This issue has been add...

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-53264
• WEB: https://github.com/bunkerity/bunkerweb/security/advisories/GHSA-q9rr-h3hx-m87g

No existing reports found with this module or alias. See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/bunkerity/bunkerweb
      vulnerable_at: 1.5.11
summary: CVE-2024-53264 in github.com/bunkerity/bunkerweb
cves:
    - CVE-2024-53264
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-53264
    - web: https://github.com/bunkerity/bunkerweb/security/advisories/GHSA-q9rr-h3hx-m87g
source:
    id: CVE-2024-53264
    created: 2024-11-27T20:02:03.841805235Z
review_status: UNREVIEWED