CVE-2021-32806: URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Various parts of Plone use the 'is url in portal' check for security, mostly to decide whether it is safe to redirect to a url. A url like https://example.org is not in the portal. But the url https:example.org, written without the two slashes, tricks the check and is considered to be in the portal. When redirecting to such a url, some browsers go to https://example.org, while others give an error. Attackers may use this to redirect you to their site, especially as part of a phishing attack.
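To make the failure mode concrete, here is an added Python example (not the project's own code from Products.isurlinportal) contrasting a naive check that treats every host-less URL as relative with a stricter check that refuses a scheme without a host; the portal URL is a constructed value.

```python
from urllib.parse import urlparse

# Constructed portal base URL for the demonstration (assumption, not from the page).
PORTAL_URL = "https://plone.example.test/site"
PORTAL_HOST = urlparse(PORTAL_URL).netloc.lower()


def naive_is_url_in_portal(url: str) -> bool:
    """Weak check: any URL without a host part is assumed to be relative.

    urlparse("https:example.org") yields scheme="https", netloc="" and
    path="example.org", so this check wrongly reports it as in-portal.
    """
    parts = urlparse(url)
    if not parts.netloc:
        return True  # assumed relative, therefore trusted
    return parts.netloc.lower() == PORTAL_HOST


def hardened_is_url_in_portal(url: str) -> bool:
    """Stricter check: a scheme with no host is not a relative URL."""
    parts = urlparse(url.strip())
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # mailto:, javascript:, data: and friends
    if parts.scheme and not parts.netloc:
        return False  # the "https:example.org" shape from CVE-2021-32806
    if not parts.netloc:
        # No scheme and no host: a plain path such as "/news".
        # "//example.org/x" already produces a netloc and is compared below.
        return True
    return parts.netloc.lower() == PORTAL_HOST


def safe_redirect_target(url: str, fallback: str = PORTAL_URL) -> str:
    """Return url if it is in the portal, otherwise the portal front page."""
    return url if hardened_is_url_in_portal(url) else fallback
```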
References
- github.com/advisories/GHSA-q3m9-9fj2-mfwr
- github.com/plone/Products.isurlinportal
- github.com/plone/Products.isurlinportal/commit/d4fd34990d18adf05a10dc5e2bb4b066798280ba
- github.com/plone/Products.isurlinportal/security/advisories/GHSA-q3m9-9fj2-mfwr
- github.com/pypa/advisory-database/tree/main/vulns/products-isurlinportal/PYSEC-2021-323.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-32806