Flagged for possible Open Redirect exploit by 3rd Party Security Audit #11171
jamesrboatwright started this conversation in General
Hi, we're using v6.21.1 hashrouter and a third party auditing service (Checkmarx) is warning of a potential open redirect exploit in instances where window.location is referenced. In particular, it flagged these two areas: router/history.ts and react-router-dom/index.tsx.

The Checkmarx scan recommends constructing the URL by also using a value from an allow-list or a variable with the site URLs. I am hoping to learn whether anyone else ran across this kind of warning and whether they were able to find a resolution. Thank you.
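An added example, not part of the original post and not React Router's code: a generic allow-list check of the kind the scan recommendation describes, applied to a navigation target before it reaches window.location. The function name, the origins and the fallback are constructed for illustration.

```javascript
// Constructed configuration: origins this application is allowed to navigate to.
const APP_ORIGIN = "https://app.example.com";
const ALLOWED_ORIGINS = new Set([APP_ORIGIN, "https://login.example.com"]);

// Hypothetical helper: returns a normalized absolute URL when `candidate`
// resolves to an allow-listed origin, otherwise returns `fallback`.
function resolveRedirect(candidate, fallback = APP_ORIGIN + "/") {
  if (typeof candidate !== "string" || candidate.length === 0) return fallback;

  // Backslashes and control characters are normalized by URL parsers in ways
  // that can change the host, so refuse them instead of guessing.
  if (/[\u0000-\u001f\u007f\\]/.test(candidate)) return fallback;

  let url;
  try {
    // Relative paths and hash routes resolve against our own origin;
    // absolute and protocol-relative values keep their own host.
    url = new URL(candidate, APP_ORIGIN);
  } catch {
    return fallback;
  }

  // Compare the parsed origin, never a substring or prefix of the raw input.
  if (url.protocol !== "https:") return fallback;
  if (url.username !== "" || url.password !== "") return fallback;
  if (!ALLOWED_ORIGINS.has(url.origin)) return fallback;

  return url.href;
}

// In a browser the result would be used as:
//   window.location.assign(resolveRedirect(userSuppliedTarget));
```

The check compares the parsed `origin` rather than the raw string, so values that merely start with or contain an allowed host name fall back to the default.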