amp-html@1.0.1 vulnerabilities

Full site AMP Pages validator

Direct Vulnerabilities

Known vulnerabilities in the amp-html package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Open Redirect

amp-html is a Full site AMP Pages validator

Affected versions of this package are vulnerable to Open Redirect. The default value of the "return" parameter for the amp-access login endpoint is the cdn.ampproject.org "login done" page, with a "url" parameter that contains the original URL of the AMP page. The canonical backend is supposed to redirect to this "login done" page after login or logout. Once the user lands there, the "login done" page immediately redirects to the URL in the "url" parameter, which is the original AMP page where the authentication request originated.

The issue is that the domain of the "url" parameter is not validated, so when the "url" parameter is manually changed to point to another domain, the "login done" page still redirects to that URL.

How to fix Open Redirect?

There is no fixed version for amp-html.
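The validation that the description says is missing can be illustrated with an origin check on the "url" parameter. This is an added example, not code from amp-html or the AMP project; the publisher origin, the placeholder path on cdn.ampproject.org and the function names are assumptions.

```javascript
// Added example: hosts, the placeholder path and all names are constructed.
const ALLOWED_ORIGINS = new Set(['https://publisher.example']); // assumed publisher origin

// Returns the normalized redirect target if its origin is allowed, else null.
function validateReturnUrl(rawUrl, allowedOrigins = ALLOWED_ORIGINS) {
  if (typeof rawUrl !== 'string' || rawUrl.length === 0) return null;
  let parsed;
  try {
    // Parsed without a base URL: relative and protocol-relative values
    // ("//host/path") throw and are rejected rather than resolved.
    parsed = new URL(rawUrl);
  } catch {
    return null;
  }
  // Only https targets; this also drops javascript:, data: and similar schemes.
  if (parsed.protocol !== 'https:') return null;
  // Reject credentials in the authority, where the text before "@" can look
  // like the trusted host while the real host follows it.
  if (parsed.username || parsed.password) return null;
  // Compare the full origin (scheme + host + port), never a prefix or substring.
  if (!allowedOrigins.has(parsed.origin)) return null;
  return parsed.href;
}

// Pulls the "url" parameter out of a "login done" style URL and validates it.
function redirectTargetFrom(loginDoneUrl, allowedOrigins = ALLOWED_ORIGINS) {
  const target = new URL(loginDoneUrl).searchParams.get('url');
  return validateReturnUrl(target, allowedOrigins);
}

// Constructed sample: LOGIN_DONE_PLACEHOLDER stands in for the real page path.
const sample = 'https://cdn.ampproject.org/LOGIN_DONE_PLACEHOLDER?url=' +
  encodeURIComponent('https://publisher.example/article?id=1');
console.log(redirectTargetFrom(sample));
```

A caller redirects only when the function returns a string and otherwise falls back to a fixed page on its own origin.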

Vulnerable Version: *