node-forge : < 1.0.0 - Open Redirect in node-forge
Created by: armorcodegithubqa[bot]
The parseUrl functionality in node-forge mishandles certain uses of backslash, such as https:///\, and interprets the URI as a relative path.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0122
- https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e
- https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae
- https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
File Path: public/package-lock.json
Mitigation: Patched version: 1.0.0