CVE-2021-4260: Framework fix for open redirect vulnerability · mannyvergel/oils-js@fad8fba
A vulnerability was found in oils-js and has been rated critical. It affects the response redirect handling (res.redirect) in core/Web.js: a crafted redirect target leads to an open redirect, and the attack can be initiated remotely. The fix is commit fad8fbae824a7d367dacb90d56cb02c5cb999d42; applying that patch is recommended. The identifier of this vulnerability is VDB-216268.
@@ -122,6 +122,9 @@ class Web {
}
this.app = express();
fixOpenRedirect(this);
this.events = {};
this.modelCache = new Object();
this.plugins = [];
@@ -763,6 +766,42 @@ function defaultRedirectToHttpsMiddleware(req, res) {
res.end();
}
function fixOpenRedirect(web) {
// Fix for open redirect security
let redirectSafe = web.app.response.redirect;
web.app.response.redirectSafe = function(url) {
return redirectSafe.call(this, url);
}
var addHostOnceFlag = true;
web.app.response.redirect = function(url) {
if (url.indexOf(‘://’) != -1) {
let req = this.req;
if (addHostOnceFlag) {
var host = req.protocol + ‘://’ + req.headers.host;
web.conf.allowedRedirectHosts.push(host);
addHostOnceFlag = false;
console.log("Added host once: " + host);
}
const found = web.conf.allowedRedirectHosts.find(el => url.indexOf(el) == 0);
if (!found) {
var ip = web.utils.getClientIp(req);
console.warn("Open redirect was triggered: ", req.method, req.user ? req.user.email : "unsigned user", ip, "accessed", req.url, req.headers[‘user-agent’]);
throw new Error(“Action not allowed.”);
}
}
return redirectSafe.call(this, url);
}
}
function startServer(web, cb) {
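Review bot: The allowlist test at `url.indexOf(el) == 0` is a string-prefix match, so once `https://app.example` is allowed, `https://app.example.evil.test/` and `https://app.example@evil.test/` pass too, and because the guard only runs when the URL contains `://`, a protocol-relative target such as `//evil.test` (which Express forwards verbatim and browsers follow) skips the check entirely. Parsing the target with `new URL(url, base)` and comparing the parsed `origin`/`host` exactly closes both holes; the rewrite below keeps the add-host-once bookkeeping and the warn-and-throw branch as they are. Separately, the allowlist is seeded from `req.headers.host` of whichever request first triggers an absolute redirect, which is attacker-controlled unless the Host header is validated upstream, so seeding it from configuration at startup would be safer; and the wrapper's `function(url)` drops any extra arguments and calls `indexOf` on whatever is passed first, so Express's `res.redirect(status, url)` form would throw a TypeError before reaching the check. If `web.conf.allowedRedirectHosts` can be undefined, the `.push` and `.find` calls also throw; I cannot tell from the hunk whether the config guarantees it.
```javascript
  web.app.response.redirect = function(url) {
    let req = this.req;
    var host = req.protocol + '://' + req.headers.host;
    // Resolve relative and protocol-relative targets against the current origin so
    // '//evil.test' and 'https://allowed@evil.test' are judged by parsed origin, not string prefix.
    let target;
    try {
      target = new URL(String(url), host);
    } catch (e) {
      throw new Error("Action not allowed.");
    }
    if (target.origin !== host) {
      // … unchanged: add-host-once bookkeeping …
      const found = web.conf.allowedRedirectHosts.some(el => target.origin === el || target.host === el);
      // … unchanged: console.warn(...) and throw when !found …
    }
    return redirectSafe.call(this, url);
  }
```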