VULNERABILITY! passport-openid npm package 1.0.4 does not check return_to

[dilame]

This issue is not related directly to this library, but to sub-library from @jaredhanson passport-openid.
jaredhanson/passport-openid#41
I created it 10 days ago and still no answer, but it is important, i just need to draw attention to this problem.

[Poikilos]

see related (Noiwex has link to fork installable via npm) jaredhanson/passport-openid#35 -- there was no PR ever made for the fix (update to openid 2.0.x) so I made it: jaredhanson/passport-openid#43

[rwky]

Forked and merged into https://github.com/passport-next/passport-openid

Install with npm install @passport-next/passport-openid