CVE-2019-25155: URL Redirection to Untrusted Site ('Open Redirect')

November 14, 2023 (updated November 15, 2023)

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a ‘rel=“noopener noreferrer”’ attribute.

References

github.com/advisories/GHSA-8hgg-xxm5-3873
github.com/cure53/DOMPurify/commit/7601c33a57e029cce51d910eda5179a3f1b51c83
github.com/cure53/DOMPurify/compare/1.0.10...1.0.11
github.com/cure53/DOMPurify/pull/337
nvd.nist.gov/vuln/detail/CVE-2019-25155

Code Behaviors & Features

Detect and mitigate CVE-2019-25155 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →