CVE-2021-32721: URL Redirection to Untrusted Site (Open Redirect)

June 29, 2021 (updated July 6, 2021)

PowerMux is a drop-in replacement for Go’s http.ServeMux. In PowerMux, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link.

References

nvd.nist.gov/vuln/detail/CVE-2021-32721

Code Behaviors & Features

Detect and mitigate CVE-2021-32721 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →