GSD-2022-1002527

Import Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002527.json
Withdrawn
2023-03-14T07:01:09.293526Z
Published
2022-07-02T01:38:25.507792Z
Modified
2023-03-14T07:01:09.293526Z
Details

In the bl.ink URL redirection service, as of 2022-07-07 the HSTS support serves an improperly formatted security header. Specifically, the header served is "strict-transport-security: max-age=63072000; includeSubdomains;", which contains an extra semicolon (the final one is not needed). This may result in some clients ignoring the HSTS header, rendering this security protection ineffective. As of 2022-07-08 this issue was corrected, with the headers now displaying "strict-transport-security: max-age=63072000; includeSubdomains; preload".

References

Affected packages