
Researcher: 0X0Oz

Rank #42977 of 53,635 · Total CVSS 6.1 · Vulnerabilities: 1
PT-2026-38252 · CVSS 6.1 · 2026-05-06 · Nitro · Nitro · CVE-2026-44372
**Name of the Vulnerable Software and Affected Versions**

- Nitro versions prior to 2.13.4
- Nitro versions prior to 3.0.260429-beta

**Description**

An attacker can turn a wildcard redirect route rule into a cross-host redirect by inserting an extra slash immediately after the rule prefix. The issue affects projects that use `routeRules` with a `redirect` entry whose target ends in a `/**` wildcard so that sub-paths are forwarded. The Nitro runtime strips the rule prefix from the request path and joins the remainder onto the redirect target; if the remainder starts with `//`, that leading `//` is preserved in the resulting `Location`, and the browser resolves it as a protocol-relative URL pointing at an external domain. The result is an open redirect whose destination host is fully controlled by the attacker.

Deployments using the `vercel`, `netlify`, `cloudflare-pages`, or `edgeone` presets are not affected, because those presets handle redirects at the CDN layer rather than through the Nitro runtime.

**Recommendations**

- On the 2.x line, update to version 2.13.4 or later.
- On the 3.0 beta line, update to version 3.0.260429-beta or later.
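The following is an added example, not Nitro's own code, that models the strip-and-join step described above and shows why a remainder beginning with `//` matters. The rule, helper names, origin and request paths are assumptions chosen for illustration: a rule of the form `"/legacy/**": { redirect: "/**" }`, which forwards every sub-path of `/legacy` to the site root. A hardened variant, which collapses the extra slashes and refuses any `Location` that would leave the origin, sits beside the vulnerable one.

```javascript
// Added example: minimal model of the prefix-strip-and-join step behind a
// wildcard redirect rule, with a vulnerable and a hardened variant.
// Not Nitro's code; rule, names and paths are constructed for illustration.

// Constructed origin the redirect is resolved against (what the browser would use).
const ORIGIN = "https://app.example";

// Constructed rule equivalent to  "/legacy/**": { redirect: "/**" }.
const RULE = { prefix: "/legacy", target: "/**" };

// Drop the rule prefix from the request path, keeping a leading slash.
function stripPrefix(path, prefix) {
  const rest = path.startsWith(prefix) ? path.slice(prefix.length) : path;
  return rest.startsWith("/") ? rest : "/" + rest;
}

// Join base and remainder with a single separating slash. Only the FIRST
// leading slash of the remainder is consumed, so "//evil.example" survives.
function joinPath(base, rest) {
  const baseWithSlash = base.endsWith("/") ? base : base + "/";
  return baseWithSlash + rest.replace(/^\//, "");
}

// Vulnerable: the Location header is whatever the join produced.
function vulnerableRedirect(path, rule = RULE) {
  const base = rule.target.slice(0, -3); // strip the trailing "/**"
  return joinPath(base, stripPrefix(path, rule.prefix));
}

// Hardened: collapse every run of leading "/" or "\" in the remainder to a
// single "/", so it can never begin with "//" (or "/\", which browsers
// treat the same way), then refuse anything that still leaves the origin.
function hardenedRedirect(path, rule = RULE) {
  const base = rule.target.slice(0, -3);
  const rest = stripPrefix(path, rule.prefix).replace(/^[\/\\]+/, "/");
  const location = joinPath(base, rest);
  if (new URL(location, ORIGIN).origin !== ORIGIN) {
    throw new Error("refusing cross-origin redirect: " + location);
  }
  return location;
}

// Where a browser would actually land for a given Location value.
function resolvedHost(location, origin = ORIGIN) {
  return new URL(location, origin).host;
}

// Demonstration on constructed request paths.
for (const path of ["/legacy/docs/intro", "/legacy//evil.example/phish"]) {
  const loc = vulnerableRedirect(path);
  console.log(`${path} -> ${loc} (resolves to host ${resolvedHost(loc)})`);
  console.log(`  hardened: ${hardenedRedirect(path)}`);
}
```

Run it with `node`. The hardened variant does two independent things: normalising the remainder removes the `//` (and `/\`) prefix before the join, and the origin comparison on the final `Location` catches anything the normalisation missed. Note that in this simplified join the leading `//` only reaches the browser when the target prefix is the site root; the advisory does not say which targets are reachable in the real implementation, so treat any `/**` redirect handled by the Nitro runtime as affected until upgraded. The backslash handling goes beyond what the advisory describes; it is included because WHATWG URL parsing treats `/\host` like `//host` for http(s) URLs.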