
Fix open redirect vulnerability #945

Merged
merged 1 commit into from
Sep 10, 2021

Conversation

MottiniMauro (Contributor)

An open redirect can be possible when users are able to set the value of
session[:return_to]. If the value used for return_to contains multiple
leading slashes (/////example.com) the user ends up being redirected to the
external domain that comes after the slashes (http://example.com).

To fix this issue, extra sanitization was added when processing the
return_to url, removing multiple leading slashes to avoid the open
redirect.
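As an added example (not the code from this PR and not Clearance's own implementation), the following Ruby sanitizer shows the fix described above in isolation: a run of leading slashes is collapsed to one, so a stored `return_to` of `/////example.com` becomes the on-site path `/example.com` instead of a protocol-relative URL that browsers resolve to `http://example.com`. The module name `ReturnToSanitizer`, the `safe_return_to` and `leaves_site?` methods, and the sample values are assumptions made for this example.

```ruby
require "uri"

# Added example (not Clearance's own code, not the code from this PR): a
# sanitizer for a stored return_to value that only ever yields a local path.
module ReturnToSanitizer
  DEFAULT_PATH = "/".freeze

  # Returns a local path (plus query string, if any) that is safe to hand to
  # redirect_to, or +fallback+ when the value cannot be made safe.
  def self.safe_return_to(value, fallback: DEFAULT_PATH)
    return fallback if value.nil? || value.strip.empty?

    # The fix from the PR description: collapse any run of leading slashes to
    # a single one. "//example.com" (and "/////example.com") is treated by
    # browsers as a protocol-relative URL pointing at example.com, whereas
    # "/example.com" is just a path on this site.
    local = value.sub(%r{\A/+}, "/")

    uri = URI.parse(local)
    # Second layer: anything that still carries a scheme or host is an
    # absolute URL (http://..., mailto:..., etc.) and is refused outright.
    return fallback if uri.scheme || uri.host

    path = uri.path.to_s
    path = "/#{path}" unless path.start_with?("/")
    query = uri.query ? "?#{uri.query}" : ""
    path + query
  rescue URI::InvalidURIError
    fallback
  end

  # True when a browser would resolve +target+ to a different origin, i.e.
  # the redirect would leave this site. Used here to show before/after.
  def self.leaves_site?(target)
    return true if target.start_with?("//")

    uri = URI.parse(target)
    !uri.scheme.nil? || !uri.host.nil?
  rescue URI::InvalidURIError
    true
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, as an attacker-controlled session[:return_to]
  # might hold them.
  ["/////example.com", "//example.com/login", "http://example.com/", "/dashboard?tab=1"].each do |raw|
    safe = ReturnToSanitizer.safe_return_to(raw)
    puts format("%-22s leaves site? %-5s  -> %-22s leaves site? %s",
                raw, ReturnToSanitizer.leaves_site?(raw), safe, ReturnToSanitizer.leaves_site?(safe))
  end
end
```

Collapsing the slashes before parsing is deliberate: `URI.parse` treats a leading `//` as the start of an authority component, so the slash collapse is what turns the value into a plain path, and the scheme/host check is a second, independent guard that also refuses fully absolute URLs.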

mike-burns (Contributor) left a comment

Thanks for taking this on.

gnfisher (Contributor) left a comment

🦖

Kirill89 (Contributor) left a comment

👍

An open redirect can be possible when users are able to set the value of
session[:return_to]. If the value used for return_to contains multiple
leading slashes (/////example.com) the user ends up being redirected to the
external domain that comes after the slashes (http://example.com).

To fix this issue, extra sanitization was added when processing the
return_to url, removing multiple leading slashes to avoid the open
redirect.

Co-authored-by: Kirill Efimov <kirill89@gmail.com>
@MottiniMauro MottiniMauro merged commit 5bcab3d into main Sep 10, 2021
@MottiniMauro MottiniMauro deleted the fix-open-redirect branch September 10, 2021 14:02
adafairweather added a commit to Silversheet/clearance that referenced this pull request Jan 10, 2022
thoughtbot#945

Since we're stuck on Rails 4 for a while yet, we are adding this fix to
an earlier, compatible version of clearance for our own use.
4 participants