When hyper-staticfile
performs a redirect for a directory request (e.g. a request for /dir
that redirects to /dir/
), the Location
header value was derived from user input (the request path), simply appending a slash. The intent was to perform an origin-relative redirect, but specific inputs allowed performing a scheme-relative redirect instead.
An attacker could craft a special URL that would appear to be for the correct domain, but immediately redirects to a malicious domain. Such a URL can benefit phishing attacks, for example an innocent looking link in an email.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-601" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-30T16:57:28Z" }