PT-2021-15481 · Unknown · Trailing-Slash

Apple502J · Published 2021-05-24 · Updated 2021-06-08 · CVE-2021-23387

CVSS v2.0 5.8 Medium
Vector AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: trailing-slash versions prior to 2.0.1
Description: The package allows Open Redirect attacks through a URL whose path begins with two slashes, such as "https://example.com//attacker.example/". The redirect target is derived from the request path and emitted in the Location header as a relative URL rather than an absolute one. A relative URL that starts with "//" is scheme-relative: the browser keeps only the scheme from the current page, resolves "//attacker.example/" to "https://attacker.example/", and follows the redirect to the attacker's host. The vulnerable code is located in index.js::createTrailing().
Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. If updating is not immediately possible, patch index.js::createTrailing() so that the Location header carries an absolute URL built on the application's own origin, and verify that the resulting URL still has that origin before sending it; collapsing a leading run of slashes in the request path to a single "/" before the redirect target is built removes the scheme-relative form as well. Because the malicious link is crafted by the attacker, users cannot be expected to avoid it; as an interim mitigation, reject or normalize request paths that begin with "//" at a reverse proxy or load balancer in front of the application.
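The mechanism described above, as an added example for this advisory (not code from the trailing-slash package, whose internals are not reproduced here): a toy trailing-slash redirect in the vulnerable shape, the browser-side resolution that turns its relative Location into an off-origin redirect, and a hardened variant that builds an absolute URL on the server's own origin and checks it. The function names, the origin https://example.com and the host attacker.example are illustrative, and the hardened variant is one possible fix chosen here, not necessarily the project's 2.0.1 change. It goes slightly beyond the advisory by also covering "/\attacker.example", which browsers resolve the same way as "//attacker.example".

```javascript
// Added example: a toy trailing-slash redirect, NOT the trailing-slash
// package's own code. Runs on Node.js; the WHATWG URL class is global.

// Split a request path into pathname and query string.
function splitQuery(requestPath) {
  const i = requestPath.indexOf('?');
  return i === -1
    ? [requestPath, '']
    : [requestPath.slice(0, i), requestPath.slice(i + 1)];
}

// Vulnerable shape, modelled on the advisory: the Location value is the
// request path with its trailing slash added (wantSlash=true) or removed
// (wantSlash=false), emitted as a RELATIVE URL. Returns null when the path
// already matches the policy and no redirect is needed.
function vulnerableLocation(requestPath, wantSlash) {
  const [pathname, query] = splitQuery(requestPath);
  const suffix = query ? '?' + query : '';
  if (wantSlash && !pathname.endsWith('/')) return pathname + '/' + suffix;
  if (!wantSlash && pathname.length > 1 && pathname.endsWith('/')) {
    return pathname.slice(0, -1) + suffix;
  }
  return null;
}

// What a browser does with a Location header: resolve it against the URL of
// the response that carried it (WHATWG URL Standard). A value that starts
// with "//" is scheme-relative, so only the scheme survives from the base
// and the host comes from the attacker-controlled path.
function resolveRedirect(location, responseUrl) {
  return new URL(location, responseUrl).href;
}

// Hardened variant (one possible fix, chosen for this example; not
// necessarily the package's own): collapse a leading run of slashes so the
// path can no longer read as scheme-relative, emit an ABSOLUTE URL on the
// trusted origin, and refuse anything that still resolves off-origin. The
// final check is what catches "/\host", which browsers treat like "//host".
function safeLocation(requestPath, wantSlash, origin) {
  const [pathname, query] = splitQuery(requestPath);
  const normalized =
    pathname.replace(/^\/+/, '/') + (query ? '?' + query : '');
  const target = vulnerableLocation(normalized, wantSlash);
  if (target === null) return null;
  const trusted = new URL(origin);
  const abs = new URL(target, trusted);
  if (abs.origin !== trusted.origin) {
    throw new Error('refusing off-origin redirect to ' + abs.href);
  }
  return abs.href;
}

// Constructed demonstration input: the advisory's example URL, served by a
// middleware configured to strip trailing slashes.
const ORIGIN = 'https://example.com';
const evilPath = '//attacker.example/';
const loc = vulnerableLocation(evilPath, false);
console.log('vulnerable Location:', loc);
console.log('browser lands on:   ', resolveRedirect(loc, ORIGIN + evilPath));
console.log('hardened Location:  ', safeLocation(evilPath, false, ORIGIN));
```

The hardened function keeps the origin comparison even after normalizing the leading slashes, because normalization alone only handles the literal "//" form; letting the URL parser decide where the browser would actually land, and comparing that against the trusted origin, is the check that generalizes.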

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2021-23387
GHSA-RFHR-62XP-2FP2
SNYK-JS-TRAILINGSLASH-1085707

Affected Products

Trailing-Slash