CVE-2022-29718: caddyhttp: Fix `MatchPath` sanitizing by francislavoie · Pull Request #4499 · caddyserver/caddy
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking victims into clicking crafted links.
This is a followup to #4407, in response to a report on the forums: https://caddy.community/t/php-fastcgi-phishing-redirection/14542
Turns out that doing `TrimRight` to remove trailing dots, _before_ cleaning the path, will cause double-dots at the end of the path to not be cleaned away as they should. We should instead remove the dots _after_ cleaning.
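The ordering problem described above, as an added Go example that is not Caddy's code and not part of the pull request. The function names are hypothetical, and using `path.Clean` as the cleaning step with a dots-only cutset is an assumption; the sample paths are constructed.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// trimThenClean applies the ordering the PR describes as broken:
// trailing dots are stripped first, so a final ".." segment is
// already gone when path.Clean runs and is never resolved.
func trimThenClean(p string) string {
	return path.Clean(strings.TrimRight(p, "."))
}

// cleanThenTrim applies the ordering the PR proposes: resolve dot
// segments first, then strip whatever trailing dots remain.
func cleanThenTrim(p string) string {
	return strings.TrimRight(path.Clean(p), ".")
}

// diverging returns the inputs on which the two orderings disagree,
// i.e. paths a matcher would have judged differently before the fix.
func diverging(paths []string) []string {
	var out []string
	for _, p := range paths {
		if trimThenClean(p) != cleanThenTrim(p) {
			out = append(out, p)
		}
	}
	return out
}

func main() {
	// Constructed sample request paths (assumption: not from the report).
	samples := []string{"/index.php.", "/static/app.js", "/a/b/..", "/admin/..", "/a/./b/."}
	for _, p := range samples {
		fmt.Printf("%-16q trim-first=%-10q clean-first=%q\n",
			p, trimThenClean(p), cleanThenTrim(p))
	}
	fmt.Println("diverging:", diverging(samples))
}
```

Only the paths ending in a `..` segment diverge; a table like this works as a regression test for any matcher that combines trimming with normalization.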
**mholt** (Member) left a comment
Ah, nice. Simple and elegant fix, LGTM. Thank you
nordstern pushed a commit to uptimerobot/caddy that referenced this issue
Jan 24, 2022