CVE-2017-1000163 – phoenix

Package

Manager: erlang
Name: phoenix
Vulnerable Version: >=0 <1.0.6 || >=1.1.0 <1.1.8 || >=1.2.0 <1.2.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01793 pctl0.82035

Details

Phoenix Arbitrary URL Redirect The Phoenix team designed `Phoenix.Controller.redirect/2` to protect against redirects allowing user input to redirect to an external URL where your application code otherwise assumes a local path redirect. This is why the `:to` option is used for “local” URL redirects and why you must pass the `:external` option to intentionally allow external URLs to be redirected to. It has been disclosed that carefully crafted user input may be treated by some browsers as an external URL. An attacker can use this vulnerability to aid in social engineering attacks. The most common use would be to create highly believable phishing attacks. For example, the following user input would pass local URL validation, but be treated by Chrome and Firefox as external URLs: `http://localhost:4000/?redirect=/\nexample.com` Not all browsers are affected, but latest Chrome and Firefox will issue a get request for `example.com` and successfully redirect externally

Metadata

Created: 2022-04-12T21:16:09Z
Modified: 2023-09-07T23:06:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-cmfh-8f8r-fj96/GHSA-cmfh-8f8r-fj96.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-cmfh-8f8r-fj96
Finding: F156
Auto approve: 1