GHSA-g3cm-qg2v-2hj5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g3cm-qg2v-2hj5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-g3cm-qg2v-2hj5/GHSA-g3cm-qg2v-2hj5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g3cm-qg2v-2hj5
- Aliases
- Published
- 2024-02-05T23:23:22Z
- Modified
- 2024-02-16T08:24:34.523629Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
- Details
-
Summary
Open redirect vulnerability due to incorrect validation of input values when redirecting users after login.
Details
pyload is validating URLs via the
get_redirect_urlfunction when redirecting users at login.The URL entered in the
nextvariable goes through theis_safe_urlfunction, where a lack of validation can redirect the user to an arbitrary domain.The documentation in the urllib library shows that improper URLs are recognized as relative paths when using the
urlparsefunction. (https://docs.python.org/3/library/urllib.parse.html#urllib.parse.urlparse)For example, When an unusual URL like
https:///example.comis entered,urlparseinterprets it as a relative path, but in the actual request it is converted tohttps://example.comdue to url normalization.PoC
In the next variable, insert the URL to which you want to redirect the user.
Check that it is possible to bypass url validation and redirect users to an arbitrary url.
Impact
An attacker can use this vulnerability to redirect users to malicious websites, which can be used for phishing and similar attacks.
- References
Affected packages
PyPI / pyload-ng
Package
- Name
- pyload-ng
- View open source insights on deps.dev
- Purl
- pkg:pypi/pyload-ng
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.5.0b3.dev79