| Details | |
|---|---|
| Alert ID | 220002-3 |
| Alert Type | Tool |
| Status | alpha |
| Risk | Medium |
| CWE | 601 |
| WASC | |
| Technologies Targeted | All |
| Tags | CWE-601 OWASP_2021_A01 OWASP_2025_A01 TOOL_PTK |
Summary
Detects client-side JavaScript that can send the browser to an attacker-controlled URL (an open redirect): untrusted data reaching navigation sinks such as assignments to or calls on `window.location` and related navigation APIs (e.g. `location.assign()`), attribute-based redirects such as setting an element's `href`, form `action` targets, and their jQuery equivalents.
Generated by OWASP PTK SAST Module
Solution
Prevent open redirects by validating or allow-listing redirect targets. Reject absolute URLs (`https://...`), protocol-relative URLs (`//...`) and non-http(s) schemes such as `javascript:` when the value comes from an untrusted source, and compare the resolved origin rather than the raw string, since backslashes and embedded credentials (`\\evil.example`, `https://trusted@evil.example`) defeat prefix checks. Where possible, map user input to a key in a predefined set of safe destinations instead of passing it to a navigation API directly.
Other Info
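The following is an added example, not part of the PTK rule set or of this page: a vulnerable sink of the kind the rule flags next to the two hardened alternatives the Solution describes (origin-checked resolution and key-to-destination mapping). The origin `https://app.example`, the `next` parameter and the function names are assumptions for illustration; `win` stands in for `window` so the code also runs outside a browser.

```javascript
// Added example (not from the PTK project). Origin, parameter name and
// function names are illustrative assumptions.

// Vulnerable pattern the rule flags: an untrusted query parameter flows
// straight into a navigation sink. `win` is the window (or a stand-in).
function vulnerableRedirect(win, search) {
  const params = new URLSearchParams(search);
  // ?next=//evil.example/phish navigates the user off-site
  win.location.href = params.get('next');
}

// Hardened target resolution: parse relative to the application origin,
// accept only same-origin http(s) results, fall back to a fixed safe path.
function safeRedirectTarget(raw, baseOrigin, fallback = '/') {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;
  let url;
  try {
    url = new URL(raw, baseOrigin); // relative paths resolve to baseOrigin
  } catch {
    return fallback; // unparseable input (e.g. malformed IPv6 host)
  }
  // Rejects javascript:, data:, and any non-http(s) scheme.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return fallback;
  // Rejects //evil.example, \\evil.example, https://trusted@evil.example,
  // look-alike hosts and http:// downgrades: all resolve to a foreign origin.
  if (url.origin !== new URL(baseOrigin).origin) return fallback;
  // Return a same-origin relative target, never the attacker's full string.
  return url.pathname + url.search + url.hash;
}

// Hardened sink using the resolver above.
function safeRedirect(win, search, baseOrigin) {
  const params = new URLSearchParams(search);
  win.location.href = safeRedirectTarget(params.get('next'), baseOrigin);
}

// Alternative: the parameter is an opaque key, never a URL.
const DESTINATIONS = Object.freeze({
  home: '/',
  account: '/account',
  help: '/help',
});
function mappedRedirectTarget(key, fallback = '/') {
  // hasOwnProperty guards against keys like "constructor" or "__proto__".
  return Object.prototype.hasOwnProperty.call(DESTINATIONS, key)
    ? DESTINATIONS[key]
    : fallback;
}

if (typeof require !== 'undefined' && require.main === module) {
  const base = 'https://app.example'; // constructed sample origin
  for (const t of ['/account?x=1', '//evil.example/p', 'javascript:alert(1)',
                   '\\\\evil.example/x', 'https://app.example@evil.example/']) {
    console.log(JSON.stringify(t), '->', safeRedirectTarget(t, base));
  }
}
```

Resolving with `new URL(raw, base)` and comparing `origin` is the key design choice: it lets the WHATWG parser apply the same normalisation the browser will (backslash-to-slash, userinfo stripping, scheme handling), so the check cannot disagree with the navigation that follows it.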
References
- https://owasp.org/www-community/attacks/Unvalidated_Redirects_and_Forwards
- https://cwe.mitre.org/data/definitions/601.html