PT-2024-40327 · Framework · Framework

Published: 2024-05-23 · Updated: 2024-05-23

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: framework versions prior to 3.1.14

Description: A risk exists due to an unvalidated returnURL parameter passed to dev/build, which could cause the user to be redirected to an unverified third-party URL outside of the site.

Recommendations: For versions prior to 3.1.14, update to the 3.1.14 stable release to resolve the issue. As a temporary workaround, consider validating the returnURL parameter to ensure it does not redirect to unverified third-party URLs.
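
A same-site check for a return-URL parameter of the kind the workaround describes, as an added example (not the framework's own code and not its 3.1.14 fix). The function name `safe_return_url`, the host `www.example.test` and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the site's own host name(s); placeholder value for illustration.
ALLOWED_HOSTS = {"www.example.test"}
FALLBACK = "/"


def safe_return_url(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it stays on this site, otherwise the fallback path."""
    if not raw or raw != raw.strip():
        return fallback
    # Browsers drop tab/CR/LF and read "\" as "/", so "/\host" or
    # "/<tab>/host" can leave the site even though it looks like a path.
    if "\\" in raw or any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        # .hostname ignores userinfo and port: "site@other" resolves to "other".
        host = (parts.hostname or "").lower()
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path rooted at a single "/".
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return fallback
    # Absolute or protocol-relative: require http(s) and an allow-listed host.
    if parts.scheme not in ("http", "https"):
        return fallback
    return raw if host in allowed_hosts else fallback


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    samples = [
        "/admin/pages",
        "https://www.example.test/dev/build",
        "//other.example/x",
        "https://www.example.test@other.example/",
        "/\\other.example",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(repr(s), "->", repr(safe_return_url(s)))
```
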

Fix

XSS

Weakness Enumeration

Related Identifiers: GHSA-HQ4P-5MPR-JJ9M

Affected Products: Framework