Lucene search

K
githubGitHub Advisory DatabaseGHSA-25GQ-JVX2-VG9X
HistoryMay 23, 2024 - 4:59 p.m.

Silverstripe X-Forwarded-Host request hostname injection

2024-05-2316:59:25
CWE-601
GitHub Advisory Database
github.com
7
injection
hostname
vulnerability
header
reverse proxy
fix
remote url
caching
nginx
htaccess

7.3 High

AI Score

Confidence

Low

A potential hostname injection vulnerability has been found which could allow attackers to alter url resolution.

If a request contains the X-Forwarded-Host HTTP header a website would then use its value in place of the actual HTTP hostname. In cases where caching is enabled, this could allow an attacker to potentially embed a remote url as the base_url for any site. This would then cause other visitors to the site to be redirected unknowingly.

This header is necessary for servers running behind a reverse proxy (such as nginx). Such servers are likely not vulnerable to this risk.

A fix has been merged into the default installer, although existing projects which do not run behind a reverse proxy should update their htaccess as below:

<IfModule mod_headers.c>
    # Remove X-Forwarded-Host header sent as a part of any request from the web
    RequestHeader unset X-Forwarded-Host
</IfModule>

Affected configurations

Vulners
Node
silverstripeframeworkRange<3.1.13
CPENameOperatorVersion
silverstripe/frameworklt3.1.13

7.3 High

AI Score

Confidence

Low