Zack Deveau authored
The set of legal characters for an HTTP header value is described in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6. This commit adds a check to redirect_to that ensures the provided URL does not contain any of the illegal characters. Downstream consumers of the resulting Location response header may remove the header if it does not comply with the RFC. This can result in a cross-site scripting (XSS) vector by allowing for the redirection page to sit idle waiting for user interaction with the provided malicious link. [CVE-2023-28362]
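As an added example (not the commit's own code, and not the Rails implementation), the following Ruby applies the RFC 7230 section 3.2.6 field-value grammar to a redirect target before it is turned into a Location header, raising instead of emitting a header that a downstream proxy or client may drop. The method and error names, the regular expression, and the sample URLs are assumptions constructed for this illustration.

```ruby
# Added example, not the commit's or Rails' own code.
# Reject redirect targets that are not valid HTTP header field values
# (RFC 7230 section 3.2.6) before they become a Location header.

class UnsafeRedirectError < ArgumentError; end  # illustrative error class

# RFC 7230 section 3.2.6:
#   field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
#   field-vchar   = VCHAR / obs-text   (VCHAR = %x21-7E, obs-text = %x80-FF)
# So the only octets that can never appear in a field value are the control
# octets outside SP/HTAB: NUL..BS (0x00-0x08), LF..US (0x0A-0x1F) and DEL (0x7F).
# HTAB (0x09) is deliberately left out of the class because the grammar allows it.
ILLEGAL_HEADER_VALUE_REGEX = /[\x00-\x08\x0A-\x1F\x7F]/.freeze

# True when every octet of +value+ is permitted in a header field value.
# The check runs on the raw bytes (.b) so that a string carrying an invalid
# UTF-8 sequence is still inspected instead of raising an encoding error.
def http_header_value_safe?(value)
  !value.to_s.b.match?(ILLEGAL_HEADER_VALUE_REGEX)
end

# Returns +url+ unchanged when it is safe to place in a Location header,
# otherwise raises so the controller never sends a non-compliant header.
def ensure_url_is_http_header_safe(url)
  return url if http_header_value_safe?(url)

  raise UnsafeRedirectError,
        "redirect URL contains one or more characters that are illegal in an " \
        "HTTP header field value (see RFC 7230 section 3.2.6)"
end

# Constructed sample inputs paired with the expected verdict.
SAMPLE_URLS = {
  "https://example.com/account?next=%2Fhome" => true,  # ordinary URL
  "https://example.com/caf\u00e9"            => true,  # obs-text octets are tolerated by the grammar
  "https://example.com/a\tb"                 => true,  # HTAB is permitted field-content whitespace
  "https://example.com/\r\n"                 => false, # CR/LF are header delimiters, never field content
  "https://example.com/\u0000"               => false, # NUL
  "https://example.com/\u007f"               => false  # DEL
}.freeze

# True when the check agrees with every expected verdict above.
def samples_match_expectations?
  SAMPLE_URLS.all? { |url, expected| http_header_value_safe?(url) == expected }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_URLS.each_key do |url|
    verdict = http_header_value_safe?(url) ? "ok    " : "reject"
    puts "#{verdict} #{url.inspect}"
  end
end
```

The byte-level check is stricter than testing for CR and LF alone: the RFC also excludes NUL, the other C0 controls and DEL, and intermediaries that enforce the grammar may silently drop a Location header containing any of them, which is exactly the condition the commit message describes.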