Prevent redirect to URLs that begin with '///'
Visiting a logout URL like this:
https://rp.example.co.jp/mellon/logout?ReturnTo=///fishing-site.example.com/logout.html
would have redirected the user to fishing-site.example.com
With the patch, this URL would be rejected.
Fixes: CVE-2021-3639
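
The `///` case from the commit message, as an added example (not the code from this commit or the project): a strict RFC 3986 reading sees an empty authority and so a local path, while a browser resolving the same value against an `https://` base skips the extra slash and leaves the site. The function names, the samples other than the page's URL, and the local-path-only policy (which goes beyond rejecting `///`) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Strict RFC 3986 reading of a relative reference: "//" opens an authority
 * that ends at the next '/', '?' or '#'. Returns 1 if it is non-empty. */
static int rfc3986_offsite(const char *ref)
{
    return strncmp(ref, "//", 2) == 0 && strcspn(ref + 2, "/?#") > 0;
}

/* Browser reading against an https:// base: two or more leading '/' or '\'
 * open an authority, and any extra ones are skipped before the host. */
static int browser_offsite(const char *ref)
{
    size_t lead = strspn(ref, "/\\");
    return lead >= 2 && strcspn(ref + lead, "/\\?#") > 0;
}

/* Assumed policy: accept only a same-site path, i.e. exactly one leading
 * '/' and no control characters (browsers drop tab/CR/LF before parsing). */
static int return_to_is_local_path(const char *v)
{
    const unsigned char *p;
    if (v[0] != '/' || v[1] == '/' || v[1] == '\\')
        return 0;
    for (p = (const unsigned char *)v; *p; p++)
        if (*p < 0x20 || *p == 0x7f)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed ReturnTo values; the second is the one from the page. */
    const char *samples[] = {
        "/logout.html",
        "///fishing-site.example.com/logout.html",
        "//fishing-site.example.com/logout.html",
        "/\\fishing-site.example.com/logout.html",
        "/\t/fishing-site.example.com/logout.html",
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("rfc3986_offsite=%d browser_offsite=%d accepted=%d  %s\n",
               rfc3986_offsite(samples[i]), browser_offsite(samples[i]),
               return_to_is_local_path(samples[i]), samples[i]);
    return 0;
}
```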