GSD-2022-1002527

See a problem?
Please try reporting it to the source first.

Source

https://data.gsd.id/GSD-2022-1002527

Import Source

https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002527.json

JSON Data

https://api.osv.dev/v1/vulns/GSD-2022-1002527

Withdrawn

2023-03-14T07:01:09.293526Z

Published

2022-07-02T01:38:25.507792Z

Modified

2023-03-14T07:01:09.293526Z

Summary

improperly formatted security headers in URL redirection version all as of 2022-07-07

Details

In bl.ink URL redirection service, as of 2022-07-07 an improperly formatted security header exists in the HSTS support, specifically the header served is "strict-transport-security: max-age=63072000; includeSubdomains;" which contains an extra semicolon (the final one is not needed), this may result in some client ignoring the HSTS header and thus rendering this security protection ineffective. As of 2022-07-08 this issue was corrected with the headers now displaying " strict-transport-security: max-age=63072000; includeSubdomains; preload"

References

https://csaurl.org/

GSD-2022-1002527

Affected packages