Default regex tightened to address open URL redirection issue #346

Merged
merged 1 commit into from Apr 15, 2016


alphaskade
Contributor

It is possible to bypass the existing whitelist to redirect to a URL of an attacker's choosing using a schemaless URL, e.g. //github.com. This is because the current default regex whitelist checks only to ensure that the first character of the location header in the redirect request is a '/'. This has been assigned CVE-2015-8094, although no details have been released on it.

The changed regex is tightened to allow for '/' alone, but if more characters are found in the string, then the second character must be alphanumeric. No further restrictions are in place.

I'd like to encourage testing of this to ensure that the fix works as expected.
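
The check described in this pull request, as an added example that is not part of the original post or of the Hue code base: both patterns are reconstructed from the description above (the page does not show the regex itself), and the base URL and sample Location values are constructed. It resolves each candidate the way a client would and reports which allowed values leave the site.

```python
import re
from urllib.parse import urljoin, urlsplit

# Assumed patterns, written from the PR description only (not copied from Hue):
# LOOSE: first character must be '/'.
# TIGHT: '/' alone, or '/' followed by an alphanumeric second character.
LOOSE = re.compile(r"^/.*$")
TIGHT = re.compile(r"^(/[a-zA-Z0-9].*|/)$")

# Constructed base URL standing in for the page that issues the redirect.
BASE = "https://hue.example.test/accounts/login/"

# Constructed Location header values to audit.
CANDIDATES = [
    "/",
    "/home",
    "/oozie/list?x=1",
    "/_static/logo.png",          # same-site path with a non-alphanumeric 2nd char
    "//github.com",               # schemaless URL from the PR description
    "//github.com/cloudera/hue",
    "https://github.com",         # absolute URL, no leading '/'
]


def is_allowed(pattern, location):
    """True when the whitelist pattern accepts the Location value."""
    return pattern.match(location) is not None


def resolved_host(location):
    """Host the client ends up on after resolving Location against BASE."""
    return urlsplit(urljoin(BASE, location)).hostname


def bypasses(pattern, candidates=CANDIDATES):
    """Values the pattern accepts even though they resolve to another host."""
    own_host = urlsplit(BASE).hostname
    return [c for c in candidates
            if is_allowed(pattern, c) and resolved_host(c) != own_host]


def rejected_same_site(pattern, candidates=CANDIDATES):
    """Same-site values the pattern refuses (cost of the stricter rule)."""
    own_host = urlsplit(BASE).hostname
    return [c for c in candidates
            if not is_allowed(pattern, c) and resolved_host(c) == own_host]


if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, "bypasses:", bypasses(pat))
        print(name, "rejected same-site:", rejected_same_site(pat))
```

A same-site path whose second character is not alphanumeric is also refused by the tightened pattern, which is worth checking against the application's real routes when testing the fix.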

@romainr romainr merged commit cc1edfe into cloudera:master Apr 15, 2016
@romainr
Contributor

romainr commented Apr 15, 2016

Thanks a lot!

And would you mind putting your name in the legal list of contributors?
https://github.com/cloudera/hue/wiki/Ccla#online-form

@alphaskade
Contributor Author

This is reported as HUE-3626. I'll complete the rest of the work tonight.

Legal contributors: I'll make sure with my employer that there are no problems and then (with any luck) sign up.
