Описание
@misskey-dev/summaly Redirect Filter Bypass
Summary
A logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced.
Details
In the main summaly function, a new scrapingOptions object is created and passed to either the matched plugin, if any, or the default summarize function. The issue here is that the new scrapingOptions object is not provided the allowRedirects property of opts.
PoC
- Publish a post containing a link to any URL that redirects on Misskey.
- A preview will be generated for the target of the redirect, despite Misskey passing
allowRedirects: false.
Impact
Misskey will follow redirects, despite explicitly requesting not to.
Пакеты
@misskey-dev/summaly
>= 3.0.1, < 5.2.1
5.2.1
Связанные уязвимости
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.