Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01d3Z2LXE1ZnYtMjM4OM4AAwqh

hyper-staticfile's location header incorporates user input, allowing open redirect

When hyper-staticfile performed a redirect for a directory request (e.g. a request for /dir that redirects to /dir/), the Location header value was derived from user input (the request path) by simply appending a slash. The intent was to perform an origin-relative redirect, but specific inputs allowed performing a scheme-relative redirect instead.

An attacker could craft a special URL that would appear to be for the correct domain, but immediately redirects to a malicious domain. Such a URL can benefit phishing attacks, for example an innocent looking link in an email.
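The construction described above beside a hardened form, as an added illustration that is not hyper-staticfile's own code or its actual fix. It assumes the redirect target is built from the raw request path; safe_location, is_scheme_relative and the example.test host are constructed for this example.

```rust
// Added illustration of the bug class in this advisory; it is neither
// hyper-staticfile's own code nor its actual fix.

/// The construction the advisory describes: take the request path verbatim
/// and append a slash to build the Location header for a directory redirect.
fn vulnerable_location(request_path: &str) -> String {
    format!("{}/", request_path)
}

/// A Location value starting with "//" is a scheme-relative (network-path)
/// reference: the browser keeps the scheme but takes the host from the value,
/// so the redirect leaves the origin.
fn is_scheme_relative(location: &str) -> bool {
    location.starts_with("//")
}

/// Hardened construction (an assumed approach, not the upstream patch):
/// strip every leading and trailing slash, then re-add exactly one of each,
/// so the result is always an origin-relative path.
fn safe_location(request_path: &str) -> String {
    let inner = request_path.trim_matches('/');
    if inner.is_empty() {
        // "/" or "//" alone collapse to the site root.
        "/".to_string()
    } else {
        format!("/{}/", inner)
    }
}

fn main() {
    // Constructed sample paths; example.test is a placeholder host.
    for path in ["/dir", "//example.test", "///example.test/sub"].iter() {
        let v = vulnerable_location(path);
        println!(
            "{:<22} vulnerable={:<22} scheme_relative={:<5} safe={}",
            path,
            v,
            is_scheme_relative(&v),
            safe_location(path)
        );
    }
}
```

A regression test for a static-file server should assert that every emitted Location value fails is_scheme_relative, regardless of how many leading slashes the request path carried.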

Permalink: https://github.com/advisories/GHSA-5wvv-q5fv-2388
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01d3Z2LXE1ZnYtMjM4OM4AAwqh
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
Identifiers: GHSA-5wvv-q5fv-2388
References: Repository: https://github.com/stephank/hyper-staticfile

Affected Packages

cargo:hyper-staticfile
Dependent packages: 24
Dependent repositories: 48
Downloads: 300,202 total
Affected Version Ranges: >= 0.10.0-alpha.1, < 0.10.0-alpha.5; < 0.9.4
Fixed in: 0.10.0-alpha.5, 0.9.4
All affected versions: 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.7.0, 0.8.0, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.10.0-alpha.1, 0.10.0-alpha.2, 0.10.0-alpha.3, 0.10.0-alpha.4
All unaffected versions: 0.9.4, 0.9.5, 0.10.0