Security Issue: Open Redirect allowed by default #355

Closed
cbravo opened this issue Jan 31, 2024 · 2 comments · Fixed by #358
Comments

cbravo commented Jan 31, 2024

I just created and deployed a blank project using the instructions from the docs

pnpm create next-app
pnpm create sst
pnpm sst deploy --stage redirect-test 

with the settings below.
[screenshot of the settings not captured]
Without changing any of the code I deployed to https://d2layld3p8p37s.cloudfront.net/

https://d2layld3p8p37s.cloudfront.net//evil.com/ results in redirecting to evil.com, which obviously would allow a malicious user to take advantage of my domain name to forward people to potentially dangerous URLs.

Note the trailing slash. It must have something to do with the trailing slash, because without the trailing slash it works properly and 404s.

Improper redirect: https://d2layld3p8p37s.cloudfront.net//evil.com/
Proper 404 behaviour: https://d2layld3p8p37s.cloudfront.net//evil.com

This is using

"sst": "^2.40.1",
"next": "14.1.0",
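To make the failure mode concrete, here is an added example (not code from open-next, SST or the reporter) of a trailing-slash redirect that builds its Location header from the raw request path, beside a hardened version. That this is the exact mechanism behind the behaviour reported above is an assumption; what is certain is that a Next.js app with the default `trailingSlash: false` redirects `/foo/` to `/foo`, and that a Location value of `//evil.com` is a protocol-relative URL which browsers resolve to `https://evil.com/`. The origin and paths used below are taken from the report or constructed for the demonstration.

```javascript
// Added example, not open-next's or SST's own code. It models one way a
// trailing-slash redirect can become an open redirect and how to harden it.
// The origin is the one from the report; the request paths are constructed.

// Naive handler: for a path ending in "/", redirect to the same path with
// the slash removed, using the raw path as the Location value.
// Request path "//evil.com/" yields Location "//evil.com". That is a
// protocol-relative URL, so the browser goes to https://evil.com/.
// Request path "//evil.com" (no trailing slash) is not redirected and
// falls through to routing, matching the 404 the report describes.
function naiveTrailingSlashRedirect(path) {
  if (path.length > 1 && path.endsWith('/')) {
    return { status: 308, location: path.slice(0, -1) };
  }
  return null; // no redirect: let normal routing handle it
}

// Hardened handler. Two measures, either of which alone stops this case:
// 1. Collapse any run of leading "/" or "\" into a single "/". A path that
//    starts with exactly one "/" followed by a non-slash cannot be parsed
//    as "//host". Backslashes are included because WHATWG URL parsing
//    treats "\" as "/" for http(s) URLs, so "/\evil.com" is also off-site.
// 2. Resolve the candidate against the request's own origin with the URL
//    parser and refuse to redirect if the origin changed. With step 1 in
//    place this branch should be unreachable; it is kept so the guarantee
//    does not rest on the regex alone.
function safeTrailingSlashRedirect(path, origin) {
  const normalized = '/' + path.replace(/^[\/\\]+/, '');
  if (!(normalized.length > 1 && normalized.endsWith('/'))) {
    return null;
  }
  const target = new URL(normalized.slice(0, -1), origin);
  if (target.origin !== origin) {
    // Defense in depth: never emit a Location that leaves the site.
    return { status: 404, location: null };
  }
  // Emit a root-relative Location built from the parsed path, not the
  // raw input, so the browser can only resolve it against this origin.
  return { status: 308, location: target.pathname + target.search };
}

// Evaluate a Location header the way a browser does: resolve it relative
// to the page's origin and compare origins. Usable as a regression check
// for any code path that emits redirects.
function resolvesOffSite(location, origin) {
  return new URL(location, origin).origin !== origin;
}

// Run the reported case through both handlers.
function demo() {
  const origin = 'https://d2layld3p8p37s.cloudfront.net';
  const path = '//evil.com/';
  const naive = naiveTrailingSlashRedirect(path);
  const safe = safeTrailingSlashRedirect(path, origin);
  return {
    naiveLocation: naive.location,                         // "//evil.com"
    naiveOffSite: resolvesOffSite(naive.location, origin), // true
    safeLocation: safe.location,                           // "/evil.com"
    safeOffSite: resolvesOffSite(safe.location, origin),   // false
  };
}
```

A quick manual check against a deployment is `curl -sI 'https://<your-host>//evil.com/'` and reading the `Location` header: anything starting with `//` or carrying a host other than your own is an open redirect, whatever the status code.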
cbravo (author) commented Jan 31, 2024

I should note that I tested the example link in the open-next repo readme and it DOES NOT behave this way but an out of the box deployment with the settings above does seem to allow for this unexpected redirect.

conico974 (contributor) commented
Good catch, I think I know what the issue is here, I'll create a PR later today.
As you've said, it's very likely to have something to do with the trailing slash.
