GSD-2022-1002527

Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002527.json
Published
2022-07-02T01:38:25.507792Z
Modified
2022-07-02T01:38:25.507792Z
Details

In the bl.ink URL redirection service, as of 2022-07-07 an improperly formatted security header exists in the HSTS support. Specifically, the header served is "strict-transport-security: max-age=63072000; includeSubdomains;", which contains an extra semicolon (the final one is not needed). This may result in some clients ignoring the HSTS header, rendering this security protection ineffective. As of 2022-07-08 this issue was corrected, with the headers now displaying "strict-transport-security: max-age=63072000; includeSubdomains; preload".
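A defensive check for the condition described above, as an added example that is not part of the original entry or of bl.ink's code: a small linter that splits a Strict-Transport-Security header into directives and reports empty ones, such as the one left by a trailing semicolon. The function name and finding strings are assumptions; the two sample headers are the ones quoted in the entry.

```python
import re

# Directive names are HTTP tokens; anything else is reported as malformed.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def lint_hsts(header_line):
    """Parse a full 'Strict-Transport-Security: ...' header line.

    Returns (directives, findings): directives maps lower-cased names to
    values (None for valueless directives); findings lists problems found.
    """
    name, _, value = header_line.partition(":")
    if name.strip().lower() != "strict-transport-security":
        raise ValueError("not a Strict-Transport-Security header")
    directives, findings = {}, []
    if not value.strip():
        return directives, ["empty header value"]
    parts = value.split(";")
    for i, raw in enumerate(parts):
        part = raw.strip()
        if not part:
            # Nothing between two separators, or after the last one.
            where = "trailing" if i == len(parts) - 1 else "inner"
            findings.append(f"empty directive ({where} semicolon)")
            continue
        dname, sep, dval = part.partition("=")
        dname = dname.strip().lower()
        dval = dval.strip().strip('"') if sep else None
        if not TOKEN.match(dname):
            findings.append(f"malformed directive name: {dname!r}")
        elif dname in directives:
            findings.append(f"duplicate directive: {dname}")
        else:
            directives[dname] = dval
    max_age = directives.get("max-age")
    if max_age is None:
        findings.append("missing max-age")
    elif not re.fullmatch(r"[0-9]+", max_age):
        findings.append(f"non-numeric max-age: {max_age!r}")
    return directives, findings

# The two header lines quoted in this entry (before and after the fix).
BEFORE = "strict-transport-security: max-age=63072000; includeSubdomains;"
AFTER = "strict-transport-security: max-age=63072000; includeSubdomains; preload"

if __name__ == "__main__":
    for label, line in (("2022-07-07", BEFORE), ("2022-07-08", AFTER)):
        print(label, *lint_hsts(line))
```
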

References

Affected packages

GSD / URL redirection

URL redirection

Affected ranges

Affected versions

Other

all as of 2022-07-07