Open redirect detected.

Rule ID: javascript_lang_open_redirect
Languages: javascript
Source: open_redirect.yml

Description

A redirect using unsanitized user input is bad practice and puts your application at greater risk of phishing attacks.

Remediations

Avoid using redirects and forwards.

Resources

OWASP open redirect

Associated CWE

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

OWASP Top 10

A01:2021 - Broken Access Control

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=javascript_lang_open_redirect

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=javascript_lang_open_redirect

Ready to take the next step? Learn more about Bearer Cloud.