Vulnerability Details : CVE-2021-32721
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.
Vulnerability category: Open redirect
Products affected by CVE-2021-32721
- cpe:2.3:a:powermux_project:powermux:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-32721
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-32721
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST | |
4.7
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
1.6
|
2.7
|
GitHub, Inc. |
CWE ids for CVE-2021-32721
-
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
References for CVE-2021-32721
-
https://github.com/AndrewBurian/powermux/security/advisories/GHSA-mj9r-wwm8-7q52
URL Redirection to Untrusted Site ('Open Redirect') in github.com/AndrewBurian/powermux · Advisory · AndrewBurian/powermux · GitHubThird Party Advisory
Jump to