CVE-2021-22963 – fastify-static: open redirect via an URL with double slash followed by a domain
https://notcve.org/view.php?id=CVE-2021-22963
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false. Una vulnerabilidad de redirección en el módulo fastify-static versiones anteriores a 4.2.4, permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios por medio de una doble barra // seguida de un dominio: http://localhost:3000//google.com/%2e%2e. El problema aparece en todas las aplicaciones fastify-static que establecen la opción redirect: true. Por defecto, es false • https://hackerone.com/reports/1354255 https://access.redhat.com/security/cve/CVE-2021-22963 https://bugzilla.redhat.com/show_bug.cgi?id=2015152 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2021-22964
https://notcve.org/view.php?id=CVE-2021-22964
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A DOS vulnerability is possible if the URL contains invalid characters `curl --path-as-is "http://localhost:3000//^/.."`The issue shows up on all the `fastify-static` applications that set `redirect: true` option. By default, it is `false`. Una vulnerabilidad de redirección en el módulo "fastify-static" versiones posteriores a 4.2.4 incluyéndola, y anteriores a 4.4.1, permite a atacantes remotos redirigir a usuarios de Mozilla Firefox a sitios web arbitrarios por medio de una doble barra "//" seguida de un dominio: "http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e". Es posible una vulnerabilidad de DOS si la URL contiene caracteres no válidos "curl --path-as-is "http://localhost:3000//^/.." • https://hackerone.com/reports/1361804 • CWE-400: Uncontrolled Resource Consumption CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •