Open Redirect Affecting package, versions <7.0.0

  • published

    3 Feb 2021

  • disclosed

    3 Feb 2021

  • credit

    Sergio Morales

How to fix?

Upgrade to version 7.0.0 or higher.

Overview

The package is a reverse proxy that provides authentication with Google, GitHub or other providers.

Affected versions of this package are vulnerable to Open Redirect. For users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect.

For example, if a whitelist domain was configured for, the intention is that subdomains of are allowed. Instead, and could also match.
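The difference between a bare suffix comparison and a label-boundary match, as an added Go example (not code from the affected package). The function names, the allowlist entry `.example.com` and the test URLs are constructed for illustration, and the example assumes a leading-dot entry is meant to allow subdomains only.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// allowedSuffixOnly shows the flawed pattern: the leading dot is dropped and
// the host is compared by raw suffix, so no label boundary is enforced.
func allowedSuffixOnly(host, entry string) bool {
	return strings.HasSuffix(host, strings.TrimPrefix(entry, "."))
}

// allowedStrict keeps the leading dot in the comparison, so a match can only
// begin at a label boundary. Entries without a dot must match exactly.
func allowedStrict(host, entry string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	entry = strings.ToLower(entry)
	if strings.HasPrefix(entry, ".") {
		return strings.HasSuffix(host, entry)
	}
	return host == entry
}

// redirectAllowed parses a redirect target and applies the given matcher to
// its hostname. Unparseable, relative or non-http(s) targets are rejected.
func redirectAllowed(target, entry string, match func(string, string) bool) bool {
	u, err := url.Parse(target)
	if err != nil || (u.Scheme != "https" && u.Scheme != "http") || u.Hostname() == "" {
		return false
	}
	return match(u.Hostname(), entry)
}

func main() {
	entry := ".example.com" // constructed allowlist entry
	targets := []string{    // constructed redirect targets
		"https://app.example.com/home",
		"https://notexample.com/home",
		"https://APP.example.com./home",
	}
	for _, t := range targets {
		fmt.Printf("%-32s suffix-only=%-5v strict=%v\n", t,
			redirectAllowed(t, entry, allowedSuffixOnly),
			redirectAllowed(t, entry, allowedStrict))
	}
}
```

A regression test for an allowlist of this kind should include at least one host that shares the trailing characters of the allowed domain without being a subdomain of it.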