Unvalidated Redirects

ID: VUL-007 • Severity: Low • Category: URL Redirection

Vulnerability Details

Identifiers

ID: VUL-007
CWE: CWE-601
CVSS: 3.8

Classification

Severity: Low
Status: Open
Category: URL Redirection
False Positive: 15.0%

Location

File: src/controllers/redirect.js
Line: 12

Description

The application redirects users to URLs specified in request parameters without validation, which could be exploited for phishing attacks.

Timeline

Detected: Dec 21, 2023, 10:15 AM

Risk Assessment
Calculated risk score and contributing factors

Overall Risk Score

3.4/10

Low risk - address during regular maintenance

Contributing Factors

Severity: 2/10

Low severity vulnerabilities can have limited security impact

Exploitability: 4/10

URL Redirection vulnerabilities are less commonly exploited

False Positive Likelihood: 9/10

15% chance this is a false positive

Vulnerable Code

app.get('/redirect', (req, res) => {
  const url = req.query.url;
  res.redirect(url);
});