- Reported
- Issued
- Package: hyper-staticfile (crates.io)
- Type: Vulnerability
- Categories
- Keywords: #open-redirect #http
- Aliases
- References
- Patched
Description
When hyper-staticfile performs a redirect for a directory request (e.g. a request for /dir that redirects to /dir/), the Location header value was derived from user input (the request path) by simply appending a slash. The intent was to perform an origin-relative redirect, but specific inputs allowed a scheme-relative redirect instead: a Location value that begins with two slashes is a network-path reference (RFC 3986, section 4.2), which browsers resolve by keeping only the current scheme and taking the host from the value itself, so the redirect leaves the site's origin.

An attacker could craft a URL that appears to be for the correct domain but immediately redirects to a malicious domain. Such a URL can benefit phishing attacks, for example an innocent-looking link in an email.
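The following is an added illustration written for this page; it is not hyper-staticfile's code and `sanitize_path` below is a simplified stand-in, not the crate's function. It places the vulnerable pattern (append `/` to the raw request path) beside a hardened version that rebuilds the Location from the sanitized path components so the value always starts with exactly one `/`. The crafted request path `//evil.example/dir` is one input of the kind the advisory describes, chosen here as an assumption for illustration; the advisory does not enumerate the exact inputs. The backslash handling is a further caveat added here: browsers treat `\` as `/` in http(s) URLs, so `/\evil.example` is also scheme-relative to them.

```rust
// Added example (not hyper-staticfile's code): open redirect via a
// directory redirect whose Location is built from the raw request path.
use std::path::{Component, Path, PathBuf};

/// Vulnerable pattern: Location = request path + "/".
/// A request for "//evil.example/dir" yields "//evil.example/dir/", which
/// a browser resolves as a network-path reference to host evil.example.
pub fn redirect_location_naive(request_path: &str) -> String {
    format!("{}/", request_path)
}

/// Simplified stand-in for a static file server's path sanitizer (assumed,
/// not the crate's own): keep normal segments, pop on "..", drop the rest
/// (root, ".", and the empty segments produced by repeated slashes).
pub fn sanitize_path(path: &Path) -> PathBuf {
    path.components().fold(PathBuf::new(), |mut acc, c| {
        match c {
            Component::Normal(x) => acc.push(x),
            Component::ParentDir => {
                acc.pop();
            }
            _ => {}
        }
        acc
    })
}

/// Hardened pattern: rebuild the target from sanitized components, so the
/// value always begins with a single "/" and can never be scheme-relative.
pub fn redirect_location_hardened(request_path: &str) -> String {
    // Browsers treat "\" like "/" in http(s) URLs, so normalize it first;
    // otherwise "/\evil.example" survives sanitization as a normal segment.
    let normalized = request_path.replace('\\', "/");
    let sanitized = sanitize_path(Path::new(&normalized));
    let segments: Vec<String> = sanitized
        .components()
        .filter_map(|c| match c {
            Component::Normal(s) => Some(s.to_string_lossy().into_owned()),
            _ => None,
        })
        .collect();
    if segments.is_empty() {
        "/".to_string()
    } else {
        format!("/{}/", segments.join("/"))
    }
}

/// Check a Location value the way a reviewer or test would: origin-relative
/// means exactly one leading "/" that is not followed by "/" or "\".
pub fn is_origin_relative(location: &str) -> bool {
    let mut chars = location.chars();
    matches!(chars.next(), Some('/')) && !matches!(chars.next(), Some('/') | Some('\\'))
}

fn main() {
    // Constructed request paths for demonstration.
    for req in ["/dir", "//evil.example/dir", "/\\evil.example/dir", "/a/../dir"] {
        let naive = redirect_location_naive(req);
        let hardened = redirect_location_hardened(req);
        println!(
            "{:<22} naive={:<22} origin-relative={:<5} hardened={}",
            req,
            naive,
            is_origin_relative(&naive),
            hardened
        );
    }
}
```

The hardened form deliberately derives the redirect target from the same sanitized path the server used to decide that the request named a directory, rather than from the raw request string; any query string should be re-attached separately after the path is rebuilt.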
Advisory available under CC0-1.0 license.