
Security vulnerability #1613

Closed
wants to merge 6 commits into from

Conversation

flooie
Contributor

@flooie flooie commented Mar 12, 2021

PR addresses two security vulnerabilities identified via the bug bounty program.

Reflected XSS
This allowed injected javascript code to be executed into a user's session with courtlistener via malicious links.

Open Redirect
This vulnerability allowed a malicious link to redirect a user, unsuspectingly to a malicious website.

Fix follows typical suggestions to:

  1. Escape parameters in all redirects via a sanitization function;
  2. Check for CRLF characters and re-redirect with other garbage URLs.
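The two checks the PR describes (sanitize the redirect parameter, reject CRLF before it reaches the `Location` header) are shown below as an added, self-contained example; this is not CourtListener's code and does not reproduce the PR's diff. It assumes a Django-style `next` parameter, an app-specific allow-list of hostnames (the `allowed_hosts` argument, a placeholder here), and a fallback of `/` for anything that fails validation.

```python
from urllib.parse import urlsplit, unquote

FALLBACK = "/"  # where the user lands when the supplied target is rejected

# Schemes a login/logout redirect should ever carry. "javascript:" and
# "data:" are the classic reflected-XSS payload carriers, so they are excluded.
ALLOWED_SCHEMES = ("http", "https")


def safe_redirect_target(candidate, allowed_hosts, fallback=FALLBACK):
    """Return `candidate` if it is a safe redirect target, else `fallback`.

    Mirrors the two mitigations in the PR description: CRLF rejection (so a
    `next` value cannot inject extra response headers) and restriction of
    absolute URLs to an allow-list of hosts (so the redirect cannot be aimed
    at an attacker's site).
    """
    if not candidate:
        return fallback

    # 1. CRLF / control-character check, done BEFORE any URL parsing because
    #    urlsplit() in newer Pythons silently strips some of these characters.
    #    The percent-decoded form is checked as well; this is deliberately
    #    conservative and also rejects double-encoded %0d%0a.
    for text in (candidate, unquote(candidate)):
        if any(ord(ch) < 0x20 or ch == "\x7f" for ch in text):
            return fallback

    # 2. Protocol-relative ("//evil.example") and backslash variants
    #    ("/\evil.example") are interpreted as absolute URLs by browsers.
    if candidate.startswith("//") or "\\" in candidate:
        return fallback

    parts = urlsplit(candidate)

    # 3. Scheme allow-list: blocks javascript:, data:, vbscript:, etc.
    if parts.scheme:
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return fallback
        # "http:///foo" parses with an empty netloc but is still absolute
        # in most browsers; refuse it rather than guess.
        if not parts.netloc:
            return fallback

    # 4. Host allow-list. Comparing the whole netloc (not just hostname)
    #    also rejects "user@evil.example" userinfo tricks and odd ports.
    if parts.netloc:
        allowed = {h.lower() for h in allowed_hosts}
        if parts.netloc.lower() not in allowed:
            return fallback

    return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not values from the actual bug reports.
    hosts = ["www.courtlistener.com"]
    samples = [
        "/profile/?tab=alerts",
        "https://www.courtlistener.com/opinion/1/",
        "https://evil.example/phish",
        "//evil.example/phish",
        "/ok%0d%0aSet-Cookie:session=x",
        "javascript:alert(document.cookie)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s, hosts)!r}")
```

In a Django view the call site would be `return redirect(safe_redirect_target(request.GET.get("next"), settings.ALLOWED_HOSTS))`; Django's own `django.utils.http.url_has_allowed_host_and_scheme` performs a comparable host and scheme check, and the explicit CRLF step above is what the PR adds on top of that idea.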

flooie and others added 6 commits March 12, 2021 09:49
Our redirects were not prepared for
CRLF injection attacks.

Added a check for Carriage Returns and Line Feeds in redirect params
Fix adds more protection against injection attacks
Test javascript injection w/ CRLF attack
@mlissner mlissner closed this in 672847c Mar 12, 2021
@mlissner mlissner deleted the security-vulnerability branch March 12, 2021 20:46