Flagged for possible Open Redirect exploit by 3rd Party Security Audit #11171
jamesrboatwright started this conversation in General
Replies: 0 comments
Hi, we're using v6.21.1 hashrouter and a third party auditing service (Checkmarx) is warning of a potential open redirect exploit in instances where window.location is referenced. In particular, it flagged these two areas: router/history.ts and react-router-dom/index.tsx.
The Checkmarx scan recommends constructing the URL by also using a value from an allow-list or a variable with the site URLs. I am hoping to learn if anyone else ran across this kind of warning and, if so, whether they were able to find a resolution. Thank you.
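The allow-list recommendation mentioned in the post, sketched as an added example that is not part of the original post or of react-router's code. The helper name `safeRedirectTarget`, the origins and the fallback path are assumptions; the check is meant for application code that navigates to a URL taken from untrusted input.

```javascript
// Added example: allow-list check for a redirect target (hypothetical helper).
// APP_ORIGIN and ALLOWED_ORIGINS are constructed sample values.
const APP_ORIGIN = "https://app.example.com";
const ALLOWED_ORIGINS = new Set([APP_ORIGIN, "https://login.example.com"]);
const FALLBACK = "/";

// Returns a target that is safe to navigate to, or FALLBACK when the
// untrusted input resolves outside the allow-list.
function safeRedirectTarget(raw, appOrigin = APP_ORIGIN, allowed = ALLOWED_ORIGINS) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;

  let url;
  try {
    // Resolve against the app origin the way a browser would, so inputs
    // such as "//host", "/\host" or "https://app@host" are judged by the
    // origin they actually lead to, not by how the string looks.
    url = new URL(raw, appOrigin);
  } catch {
    return FALLBACK;
  }

  // Only http(s) targets; this rejects javascript:, data: and similar schemes.
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK;

  // Compare the parsed origin (scheme + host + port) with the allow-list.
  if (!allowed.has(url.origin)) return FALLBACK;

  // Same-origin targets are returned as a path so the router can handle them.
  if (url.origin === appOrigin) return url.pathname + url.search + url.hash;
  return url.href;
}
```

Comparing the parsed `origin` rather than matching on the raw string is what makes look-alike hosts and userinfo tricks fall through to the fallback.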