GHSA-9q64-mpxx-87fg: 
JavaScript vulnerability analysis and mitigation

The ecstatic npm package was found to contain an Open Redirect vulnerability affecting versions prior to 4.1.2, 3.3.2, or 2.2.2. This security issue was published to the GitHub Advisory Database on April 1, 2020, and was last updated on January 9, 2023. The vulnerability has been assigned a high severity rating and is tracked under the identifier GHSA-9q64-mpxx-87fg (GitHub Advisory).

The vulnerability stems from the package's failure to properly validate redirects, which allows malicious actors to craft specific requests that result in HTTP 301 redirects to arbitrary domains. The issue has been assigned CWE-601 classification. The vulnerability received a CVSS v3.1 base score of 7.5 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability could allow attackers to redirect users to arbitrary domains, potentially leading to phishing attacks or other malicious redirections. The high severity rating indicates significant potential impact on affected systems (GitHub Advisory).

Users are advised to upgrade to the patched versions: for ecstatic 4.x, upgrade to version 4.1.2 or later; for ecstatic 3.x, upgrade to version 3.3.2 or later; and for ecstatic 2.x, upgrade to version 2.2.2 or later (GitHub Advisory).