CVE-2021-32721
CVE-2021-32721 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. EPSS estimates a 0.61% chance of exploitation in the next 30 days.
Description
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker-crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Powermux Project | Powermux | < 1.1.1 |
References
- https://github.com/AndrewBurian/powermux/security/advisories/GHSA-mj9r-wwm8-7q52 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
