Due to improper request sanitization, a crafted URL can cause the static file handler to redirect to an attacker-chosen URL, allowing open redirect attacks.
{ "url": "https://pkg.go.dev/vuln/GO-2023-1567", "review_status": "REVIEWED" }
{ "imports": [ { "symbols": [ "SanitizedPathJoin" ], "path": "github.com/caddyserver/caddy/v2/modules/caddyhttp" }, { "symbols": [ "FileServer.Provision", "FileServer.ServeHTTP", "FileServer.directoryListing", "MatchFile.Match", "MatchFile.UnmarshalCaddyfile", "MatchFile.Validate", "fileInfo.HumanModTime", "fileInfo.HumanSize", "statusOverrideResponseWriter.WriteHeader" ], "path": "github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver" } ] }