EPSS percentile: 40.7%
koa-remove-trailing-slashes is vulnerable to open redirection. Because removeTrailingSlashes() uses relative URLs instead of absolute URLs, an attacker can use trailing double slashes in the URL to redirect users to malicious websites.
github.com/vgno/koa-remove-trailing-slashes/blame/6a01ba8fd019bd3ece44879c553037ad96ba7d47/index.js%23L31
github.com/vgno/koa-remove-trailing-slashes/commit/9306c3059065ae654ea1775dcf1c4cd2eed52219#diff-e727e4bdf3657fd1d798edcd6b099d6e092f8573cba266154583a746bba0f346R31
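
The relative-URL problem described above, shown as an added example that is not the package's own code or its patch. The origin `https://app.example`, the host `other.example` and all function names are constructed for illustration; `relativeTarget` is a simplified stand-in for a slash-stripping redirect, and `safeTarget` is one way to keep the redirect on the site's own origin.

```javascript
// Added illustration; not the koa-remove-trailing-slashes source.
// ORIGIN is a constructed placeholder for the site's own origin.
const ORIGIN = 'https://app.example';

// Simplified "before": strip trailing slashes and redirect to the
// resulting relative path. A path that starts with "//" survives the
// stripping and becomes a scheme-relative URL.
function relativeTarget(path) {
  return path.replace(/\/+$/, '');
}

// How a client resolves a Location header value against the page it
// was served from (WHATWG URL resolution, same rules browsers use).
function resolvedOrigin(location) {
  return new URL(location, ORIGIN + '/some/page/').origin;
}

// Hardened variant: collapse any leading run of slashes or backslashes
// to a single "/", build an absolute URL from the known origin, and
// refuse anything that still resolves off-site.
function safeTarget(path) {
  const stripped = path.replace(/\/+$/, '');
  const local = '/' + stripped.replace(/^[\/\\]+/, '');
  const url = new URL(local, ORIGIN);
  if (url.origin !== ORIGIN) {
    throw new Error('cross-origin redirect refused');
  }
  return url.href;
}

// Constructed sample request paths.
for (const p of ['/docs/', '//other.example/', '/\\other.example/']) {
  console.log(JSON.stringify(p),
    '| relative ->', resolvedOrigin(relativeTarget(p)),
    '| absolute ->', safeTarget(p));
}
```

For server-side checks and tests, compare the resolved origin of every redirect target with the application's own origin rather than inspecting the path string alone.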