CVE-2016-2512: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
Django relies on user input in some cases (e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some URLs with basic authentication credentials "safe" when they shouldn't be. For example, a URL like http://mysite.example.com\@attacker.com would be considered safe if the request's host is http://mysite.example.com, but redirecting to this URL sends the user to attacker.com. Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
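The following is an added example, not Django's own code and not part of the advisory: a simplified Python model of the redirect-target check before and after the fix, run over the advisory's URL. The pre-fix variant folds backslashes into slashes before parsing, so "mysite.example.com\@attacker.com" turns into the path "/@attacker.com" under the expected host and passes; the fixed variant also checks the literal URL, where the parser treats everything before "@" as userinfo and the real hostname is attacker.com. The host name and the helper names are assumptions made for the demonstration.

```python
from urllib.parse import urlparse

# Constructed sample values for the demonstration (not from a real deployment).
REQUEST_HOST = "mysite.example.com"
ADVISORY_URL = "http://mysite.example.com\\@attacker.com"  # the URL quoted in the advisory


def _host_and_scheme_ok(url: str, host: str) -> bool:
    """Core rule shared by both variants (simplified model, not Django's code):
    the URL must be relative, or must name `host` over http/https."""
    if url.startswith("///"):
        # Some browsers treat three leading slashes as an absolute URL even
        # though urlparse does not; reject rather than guess.
        return False
    info = urlparse(url)
    if info.scheme and not info.netloc:
        # "http:///example.com": scheme present but no authority part.
        return False
    host_ok = not info.netloc or info.netloc == host
    scheme_ok = not info.scheme or info.scheme in ("http", "https")
    return host_ok and scheme_ok


def is_safe_url_vulnerable(url: str, host: str) -> bool:
    """Model of the pre-fix behaviour: backslashes are folded into slashes
    BEFORE parsing, so the credential-style "\\@" is never seen by the check."""
    url = url.strip()
    if not url:
        return False
    return _host_and_scheme_ok(url.replace("\\", "/"), host)


def is_safe_url_fixed(url: str, host: str) -> bool:
    """Model of the fixed behaviour: both the literal URL and the folded URL
    must pass, because browsers disagree on whether "\\" is a path separator
    or part of the userinfo that precedes "@"."""
    url = url.strip()
    if not url:
        return False
    return _host_and_scheme_ok(url, host) and _host_and_scheme_ok(
        url.replace("\\", "/"), host
    )


def describe(url: str, host: str) -> dict:
    """Return the parsed authority and both verdicts so the difference is
    visible: for the advisory URL, netloc holds the whole
    "mysite.example.com\\@attacker.com" and hostname is "attacker.com"."""
    info = urlparse(url)
    return {
        "netloc": info.netloc,
        "hostname": info.hostname,
        "vulnerable_says_safe": is_safe_url_vulnerable(url, host),
        "fixed_says_safe": is_safe_url_fixed(url, host),
    }


if __name__ == "__main__":
    for candidate in (ADVISORY_URL, "/accounts/profile/", "http://attacker.com/"):
        print(candidate, "->", describe(candidate, REQUEST_HOST))
```

The general lesson the fixed variant encodes is that a redirect check should reject any candidate on which the parser used for checking and the browser used for following could disagree, rather than normalising the input into the form the checker prefers. Checking both readings is the conservative choice; so is refusing anything with userinfo in the authority at all.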