mirror of https://github.com/requarks/wiki
The loginRedirect cookie value was used directly in res.redirect() and window.location.replace() without validation, allowing redirection to arbitrary external URLs. Added validation to ensure the redirect target is a relative path before use.
pull/7923/head
parent 6ae53bf1bd
commit 321a9182ed
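One way to implement the relative-path check the commit message describes, as an added example that is not the Wiki.js code from this commit. The helper name `safeRedirectTarget`, the `/` fallback and the sample cookie values are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper, not code from the Wiki.js commit.
// Returns a same-site relative path, or `fallback` when the value could
// send the browser to another origin.
function safeRedirectTarget (value, fallback = '/') {
  if (typeof value !== 'string' || value.length === 0) return fallback

  // Browsers strip tab/CR/LF from URLs and treat "\" like "/", so
  // "/\host" or "/<TAB>/host" can end up as "//host". Reject them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(value)) return fallback

  // Exactly one leading slash: excludes "https://host", "javascript:..."
  // and protocol-relative "//host".
  if (!value.startsWith('/') || value.startsWith('//')) return fallback

  // Defence in depth: resolving against a placeholder origin must not
  // change the origin.
  const base = 'http://placeholder.invalid'
  let url
  try {
    url = new URL(value, base)
  } catch {
    return fallback
  }
  if (url.origin !== base) return fallback

  return url.pathname + url.search + url.hash
}

// Constructed loginRedirect cookie values (not taken from the commit).
const samples = [
  '/e/en/home',
  '/login?from=%2Fa#top',
  'https://attacker.example/',
  '//attacker.example/path',
  '/\\attacker.example',
  '/\t/attacker.example',
  'javascript:alert(1)'
]

function checkSamples () {
  return samples.map(v => safeRedirectTarget(v))
}

console.log(checkSamples())
```

The same check has to run at both sinks the commit message names: before res.redirect() on the server and before window.location.replace() in the browser.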