{"id":"GO-2024-3228","summary":"Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder","details":"Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder","aliases":["GHSA-wcx9-ccpj-hx3c"],"modified":"2026-03-03T04:55:57.274539Z","published":"2024-10-30T16:01:08Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-3228"},"references":[{"type":"ADVISORY","url":"https://github.com/coder/coder/security/advisories/GHSA-wcx9-ccpj-hx3c"},{"type":"FIX","url":"https://github.com/coder/coder/commit/69c1d981e3131e50d52b01f6a360abadaad699e6"}],"affected":[{"package":{"name":"github.com/coder/coder","ecosystem":"Go","purl":"pkg:golang/github.com/coder/coder"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3228.json"}},{"package":{"name":"github.com/coder/coder/v2","ecosystem":"Go","purl":"pkg:golang/github.com/coder/coder/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.3.1"},{"fixed":"2.14.4"},{"introduced":"2.15.0"},{"fixed":"2.15.3"},{"introduced":"2.16.0"},{"fixed":"2.16.1"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3228.json"}}],"schema_version":"1.7.3"}