Skip to content

Fix open redirect vulnerability #945

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 10, 2021
Merged

Fix open redirect vulnerability #945

merged 1 commit into from
Sep 10, 2021

Conversation

MottiniMauro
Copy link
Contributor

An open redirect can be possible when users are able to set the value of
session[:return_to]. If the value used for return_to contains multiple
leading slashes (/////example.com) the user ends up being redirected the
external domain that comes after the slashes (http://example.com).

To fix this issue, extra sanitization was added when processing the
return_to url, removing multiple leading slashes to avoid the open
redirect.

mike-burns
mike-burns approved these changes Aug 31, 2021
View reviewed changes
Copy link
Contributor

@mike-burns mike-burns left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for taking this on.

gnfisher
gnfisher approved these changes Aug 31, 2021
View reviewed changes
Copy link
Contributor

@gnfisher gnfisher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🦖

Kirill89
Kirill89 approved these changes Sep 5, 2021
View reviewed changes
Copy link
Contributor

@Kirill89 Kirill89 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@MottiniMauro @Kirill89
Fix open redirect vulnerability
4372c38 
An open redirect can be possible when users are able to set the value of
session[:return_to]. If the value used for return_to contains multiple
leading slashes (/////example.com) the user ends up being redirected the
external domain that comes after the slashes (http://example.com).

To fix this issue, extra sanitization was added when processing the
return_to url, removing multiple leading slashes to avoid the open
redirect.

Co-authored-by: Kirill Efimov <kirill89@gmail.com>
@MottiniMauro MottiniMauro merged commit 5bcab3d into main Sep 10, 2021
@MottiniMauro MottiniMauro deleted the fix-open-redirect branch September 10, 2021 14:02
adafairweather added a commit to Silversheet/clearance that referenced this pull request Jan 10, 2022
@adafairweather
Porting open redirect vulnerability fix back to v1.17.0
5909719 
thoughtbot#945

Since we're stuck on Rails 4 for a while yet, we are adding this fix to
an earlier, compatible version of clearance for our own use.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
3 more reviewers

@mike-burns mike-burns mike-burns approved these changes

@Kirill89 Kirill89 Kirill89 approved these changes

@gnfisher gnfisher gnfisher approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MottiniMauro @mike-burns @Kirill89 @gnfisher