CVE-2017-1000434

Name of the Vulnerable Software and Affected Versions Furikake version 0.1.0

Description The issue allows for an Open Redirect, where the furikake-redirect parameter on a page can redirect users to an attacker-controlled page. This is due to the code in classes/Furigana.php that uses the header function to redirect to a location specified by the furikake-redirect parameter, which is obtained from the $ GET superglobal array and then urldecoded.

Recommendations For Furikake version 0.1.0, consider modifying the classes/Furigana.php file to validate and sanitize the furikake-redirect parameter before using it in the header function to prevent redirects to unauthorized locations. As a temporary workaround, consider disabling the furikake-redirect parameter until a patch is available.