Garudlaksha1

#43848 of 53,632
6.1 Total CVSS
Vulnerabilities · 1
PT-2019-1903
6.1
2019-03-20
Apache · Mod Auth Mellon · CVE-2019-3877
**Name of the Vulnerable Software and Affected Versions**
mod_auth_mellon versions prior to 0.14.2

**Description**
A vulnerability in mod_auth_mellon allows an open redirect in the logout URL, where requests with backslashes are treated as relative URLs, while browsers convert them to forward slashes, treating them as absolute URLs. This mismatch enables an attacker to bypass the redirect URL validation logic in the `apr_uri_parse` function. The issue can be exploited by a remote attacker to redirect users to a malicious site.

**Recommendations**
For mod_auth_mellon versions prior to 0.14.2, update to version 0.14.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the logout URL to minimize the risk of exploitation.
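The parser mismatch described above, as an added example that is not mod_auth_mellon's code: `naive_is_relative` is a hypothetical stand-in for a relative-URL check, `browser_view` models the browser's backslash handling, and `redirect_target_allowed` is one way to close the gap under an assumed same-site-paths-only policy. The host `attacker.example` used with it is a constructed placeholder.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical naive validator: a target counts as "relative" (and so safe)
 * when it carries no "scheme://" and does not start with "//host". */
bool naive_is_relative(const char *url)
{
    if (strstr(url, "://") != NULL)
        return false;
    return !(url[0] == '/' && url[1] == '/');
}

/* Browsers treat a backslash as a forward slash when parsing http(s) URLs;
 * modelled here as a plain character substitution into out. */
void browser_view(const char *url, char *out, size_t outlen)
{
    size_t i = 0;
    if (outlen == 0)
        return;
    for (; url[i] != '\0' && i + 1 < outlen; i++)
        out[i] = (url[i] == '\\') ? '/' : url[i];
    out[i] = '\0';
}

/* Hardened validator (assumed policy: same-site paths only). Refuse any
 * backslash or control byte first, so the server and the browser are
 * guaranteed to read the same string, then apply the relative check. */
bool redirect_target_allowed(const char *url)
{
    if (url == NULL || url[0] != '/')
        return false;
    for (const unsigned char *p = (const unsigned char *)url; *p; p++) {
        if (*p == '\\' || *p < 0x20 || *p == 0x7f)
            return false;
    }
    return naive_is_relative(url);
}
```

The naive check passes a backslash-prefixed target that the browser then reads as scheme-relative, while the hardened check rejects it before any parsing happens.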