Description
Open Redirect in serve-static
Versions of serve-static prior to 1.6.5 (or 1.7.x prior to 1.7.2) are affected by an open redirect vulnerability in some browsers when the middleware is mounted at the root directory.
Proof of Concept
A link to http://example.com//www.google.com/%2e%2e triggers the directory redirect, and the Location header reflects the request path: //www.google.com/%2e%2e
Some browsers treat a Location value beginning with // as a scheme-relative URL and resolve it as http://www.google.com/%2e%2e, resulting in an external redirect.
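The following is an added example, not code from the advisory or from serve-static itself. It models the directory redirect as a pure function so the two behaviours can be compared offline: the vulnerable construction reflects the raw request path into Location, while the hardened construction first collapses any run of leading slashes to a single slash, which is the approach the 1.7.2 fix took (the function names, the collapseLeadingSlashes implementation and the sample path are this example's own). The resolvedHost helper uses Node's WHATWG URL parser to show what a browser does with a scheme-relative Location header.

```javascript
'use strict';

// Directory-redirect behaviour, simplified. serve-static answers a request
// for a directory whose path lacks a trailing slash with "301 Location: <path>/".
// When mounted at "/", the pathname it reflects is the raw request path.

// Vulnerable construction (behaviour of serve-static < 1.6.5 and 1.7.0-1.7.1,
// simplified for illustration): the request path is reflected verbatim, so a
// path beginning with "//" becomes a scheme-relative Location header.
function vulnerableLocation(pathname) {
  return pathname + '/';
}

// Collapse a run of leading slashes to a single "/". Illustrative reimplementation
// of the approach taken by the 1.7.2 fix, not copied from serve-static.
function collapseLeadingSlashes(str) {
  let i = 0;
  while (i < str.length && str[i] === '/') i++;
  return i > 1 ? '/' + str.slice(i) : str;
}

// Hardened construction: the Location header can no longer start with "//".
function hardenedLocation(pathname) {
  return collapseLeadingSlashes(pathname) + '/';
}

// How a browser resolves a Location header: relative to the origin that issued
// the request. "//host/..." is scheme-relative, so the host is replaced.
// Returns the host the browser would navigate to.
function resolvedHost(location, requestOrigin) {
  return new URL(location, requestOrigin).host;
}

// Constructed sample: the advisory's PoC path and a hypothetical origin.
const POC_PATH = '//www.google.com/%2e%2e';
const ORIGIN = 'http://example.com';

// Runs both constructions on the PoC path and reports where each sends the browser.
function demo() {
  const vuln = vulnerableLocation(POC_PATH);
  const safe = hardenedLocation(POC_PATH);
  return {
    vulnerableLocation: vuln,                       // '//www.google.com/%2e%2e/'
    vulnerableHost: resolvedHost(vuln, ORIGIN),     // 'www.google.com' (external)
    hardenedLocation: safe,                         // '/www.google.com/%2e%2e/'
    hardenedHost: resolvedHost(safe, ORIGIN),       // 'example.com' (stays on site)
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The check a practitioner wants is the last line of demo(): after the fix the redirect target still resolves on the original host. The same test applied to an older serve-static (mounted at "/" and serving a directory tree) reproduces the advisory by inspecting the Location header of the 301 response rather than the rendered page.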
Recommendation
Version 1.7.x: update to version 1.7.2 or later. Version 1.6.x: update to version 1.6.5 or later.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-1164
- https://github.com/expressjs/serve-static/issues/26
- https://bugzilla.redhat.com/show_bug.cgi?id=1181917
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99936
- https://snyk.io/vuln/npm:serve-static:20150113
- https://www.npmjs.com/advisories/35
- http://www.securityfocus.com/bid/72064
Packages
- serve-static: affected < 1.6.5; patched in 1.7.2 (or 1.6.5 on the 1.6.x branch)
- serve-static: affected >= 1.7.0, < 1.7.2; patched in 1.7.2
Related vulnerabilities
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.