<p>A fix was pushed into the <code>master</code> branch but not yet published.</p>

=0.0.0

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-GOLANG-GITHUBCOMURFAVENEGRONI-1658297
published 11 Oct 2021
disclosed 24 Sep 2021
credit hhoke

Report a new vulnerability Found a mistake?

Introduced: 24 Sep 2021

CWE-601 Open this link in a new tab

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

github.com/urfave/negroni is an idiomatic approach to web middleware in Go.

Affected versions of this package are vulnerable to Open Redirect. A specifically-crafted URL can cause a site using negroni to be redirected to an external site.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

Required

Scope (S)

Unchanged

Confidentiality (C)

Low
Integrity (I)

Low
Availability (A)

None

Open Redirect Affecting github.com/urfave/negroni package, versions >=0.0.0

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 24 Sep 2021

How to fix?

Overview

References

CVSS Scores

Snyk