CWE-601 Open Redirect

What this means

SiteShadow flagged redirect logic where an attacker can influence the redirect destination.

Why it matters

Open redirects enable phishing and token leakage.

• Phishing: attackers use your trusted domain to bounce users to a malicious site.
• Auth leakage: misconfigured OAuth flows can leak codes/tokens via redirects.

Safer examples

1) Only allow relative redirects

const next = req.query.next || "/dashboard";
if (!next.startsWith("/")) throw new Error("Invalid redirect");
res.redirect(next);

2) If you must allow absolute URLs, allowlist hosts

Reject redirects to unknown domains, and normalize before comparing.

3) Avoid reflecting arbitrary URLs

Use server-side route names or IDs rather than raw URLs from the client.

How SiteShadow detects it (high level)

• Flags redirect(...) calls using request-derived parameters (next, returnUrl, redirect).
• Checks for missing allowlists/validation around redirect destinations.

References

• CWE-601: https://cwe.mitre.org/data/definitions/601.html

---

← Back to Vulnerability Library