GMS-2015-29: Open Redirect attacks

September 17, 2015

Shis package are vulnerable to Open Redirect attacks. When a colon is present in the URL path, the urljoin method ignores the upstream request and redirects it to a path cntrolled by an attacker, possibly causing content injection.

References

github.com/TracyWebTech/django-revproxy/blob/master/CHANGELOG.rst
github.com/TracyWebTech/django-revproxy/commit/e9b4dfd162c73adbad6077355c9420d0c40d4f3f

Detect and mitigate GMS-2015-29 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →