| Property | Value |
| --- | --- |
| Language | typescript |
| Severity | low |
| CWE | CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |

Description

The code passes untrusted user input directly as the URL argument of a redirect in a NestJS controller. This lets an attacker control the destination of the redirect, which is an Open Redirect vulnerability.

Impact

An attacker could trick users into visiting malicious websites by crafting links that appear to come from your application. This can result in phishing attacks, loss of user trust, and potential compromise of user accounts or sensitive data.
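The pattern from the Description and one way to close it, as an added example that is not part of the original rule page: the flagged controller shape is shown in a comment, followed by a dependency-free validator that a handler can call before redirecting. The names `APP_ORIGIN`, `ALLOWED_HOSTS`, `FALLBACK`, `parseTarget`, `resolveRedirect`, and the route and `next` parameter are assumptions made for illustration.

```typescript
// Added example. All identifiers here are hypothetical, not taken from the rule page.
//
// Flagged shape (NestJS with the Express response object):
//   @Get('login/done')
//   done(@Query('next') next: string, @Res() res: Response) {
//     return res.redirect(next);                  // destination chosen by the caller
//   }
// Hardened shape:
//   return res.redirect(resolveRedirect(next));

const APP_ORIGIN = "https://app.example.test";     // assumed origin of this application
const ALLOWED_HOSTS = new Set(["app.example.test", "docs.example.test"]); // assumed allow-list
const FALLBACK = "/";                              // safe default when validation fails

// Parse relative to our own origin so plain paths like "/settings" are accepted.
function parseTarget(raw: string): URL | null {
  try {
    return new URL(raw, APP_ORIGIN);
  } catch {
    return null;
  }
}

function resolveRedirect(raw: unknown): string {
  // Query parameters can arrive as arrays or be missing; only non-empty strings qualify.
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return FALLBACK;
  // Control characters and backslashes are normalised inconsistently between
  // URL parsers and browsers, so reject them instead of trying to interpret them.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  const url = parseTarget(raw);
  if (url === null) return FALLBACK;
  if (url.protocol !== "https:") return FALLBACK;          // no javascript:, data:, http:
  if (url.username !== "" || url.password !== "") return FALLBACK; // no userinfo tricks
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK;   // exact host match, no suffix checks

  // Same-origin targets are returned as a path so the redirect stays relative.
  return url.origin === APP_ORIGIN
    ? url.pathname + url.search + url.hash
    : url.href;
}
```

The decision is made on the parsed URL rather than with string prefix or substring checks on the raw value, so the host that is compared against the allow-list is the one a WHATWG-compliant client would actually contact.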