tsunez / dvna

Damn Vulnerable NodeJS Application
MIT License

CX Open_Redirect @ core/apphandler.js [master] #13

Open tsunez opened 3 years ago

tsunez commented 3 years ago

Open_Redirect issue exists @ core/apphandler.js in branch master

The potentially tainted value provided by url in core\apphandler.js at line 186 is used as a destination URL by redirect in core\apphandler.js at line 186, potentially allowing attackers to perform an open redirection.

Severity: Low

CWE:601

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 188


Code (Line #188):

        res.redirect(req.query.url)

tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)
