- Snyk ID SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177
- published 17 Feb 2022
- disclosed 17 Feb 2022
- credit Snyk Security Team
How to fix?
Upgrade `github.com/gophish/gophish` to version 0.12.0 or higher.
Affected versions of this package are vulnerable to Open Redirect. The Open Redirect vulnerability exists in the `next` query parameter. The application uses `url.Parse(r.FormValue("next"))` to extract the path and eventually redirect the user to a relative URL, but if the `next` parameter starts with multiple backslashes, like `\\\\\\example.com`, the browser will redirect the user to
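
The parsing behaviour described above, as an added Go example (not gophish's code or its actual fix): `url.Parse` accepts the advisory's backslash value as a host-less path, so a path-only extraction does not prove the target is same-site. `parsedPath` and `safeNext` are hypothetical helpers, and `safeNext` shows one way to validate a `next` target before redirecting.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// parsedPath mirrors the pattern the advisory describes: parse the value and
// keep only the path. The bool reports whether Go saw no scheme and no host.
func parsedPath(next string) (string, bool) {
	u, err := url.Parse(next)
	if err != nil {
		return "", false
	}
	return u.Path, u.Scheme == "" && u.Host == ""
}

// safeNext (hypothetical helper) returns a same-site redirect target and
// falls back to "/" for anything a browser could read as another origin.
func safeNext(next string) string {
	const fallback = "/"
	// Browsers treat "\" like "/" in http(s) URLs; Go's parser does not,
	// so reject backslashes before parsing.
	if strings.Contains(next, `\`) {
		return fallback
	}
	u, err := url.Parse(next)
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil {
		return fallback
	}
	// Require exactly one leading slash: "//host" is protocol-relative.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return fallback
	}
	return u.RequestURI()
}

func main() {
	// Constructed inputs; the backslash value is the one quoted in the advisory.
	for _, in := range []string{`/campaigns?id=3`, `\\\\\\example.com`, `//example.com`} {
		p, rel := parsedPath(in)
		fmt.Printf("%-22q path=%q looksRelative=%v safeNext=%q\n", in, p, rel, safeNext(in))
	}
}
```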