215 matches found
Google Sign-In for Rails allowed redirect to protocol-relative URI
Summary It is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Details The google_sign_in gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...
CVE-2025-55303
Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...
CVE-2025-55303
Astro before 5.13.2 and 4.16.18 has an information disclosure vulnerability in the on-demand rendering image optimization endpoint (_image) that can bypass third-party domain restrictions using protocol-relative URLs (e.g., /_image?href=//example.com/image.png). This allows serving images from un...
CVE-2025-55303 Unauthorized third-party images in Astro’s _image endpoint
Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...
Astro allows unauthorized third-party images in _image endpoint
Summary In affected versions of astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. Details On-demand rendered sites built with Astro include an /_image endpoint which returns optimized versions of...
GHSA-XF8X-J4P2-F749 Astro allows unauthorized third-party images in _image endpoint
Summary In affected versions of astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. Details On-demand rendered sites built with Astro include an /_image endpoint which returns optimized versions of...
PT-2025-33828
Name of the Vulnerable Software and Affected Versions: Astro versions prior to 5.13.2 Astro versions prior to 4.16.18 Description: Astro is a web framework for content-driven websites. The image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized...
Open Redirect
Overview @astrojs/internal-helpers is a set of internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Open Redirect in the trailing slash redirection logic when handling URLs with double slashes in the path. An attacker can redirect users to arbitrary external...
webob: WebOb's location header normalization during redirect leads to open redirect
A vulnerability was found in the WebOb package. WebOb normalizes the HTTP Location header using urlparse and urljoin. If the URL starts with //, urlparse treats the following part as the hostname, and replaces the original request's hostname. This issue, combined with user interaction, may become...
Mozilla: Bypass "No Links" Restriction in Biography via Protocol-Relative URL (//)
The report identifies a bypass vulnerability in the biography field on addons.allizom.org. Despite the application's policy against allowing links, it was possible to embed functional hyperlinks using protocol-relative URLs //evil.com. This violation of the declared application policy was achieve...
CVE-2021-46898
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/"), but this does not consider a protocol-relative URL (e.g., //example.com) attack...
Security Bulletin: The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios, affects watsonx.data
Summary axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This...
CLSA-2025-1736889411 Fix CVE(s): CVE-2023-41080
SECURITY UPDATE: Security vulnerability in URL redirection - debian/patches/CVE-2023-41080.patch: Avoid protocol relative redirects in FORM authentication - CVE-2023-41080...
CLSA-2024-1735119580 Fix CVE(s): CVE-2023-41080
SECURITY UPDATE: Untrusted Site Redirection Vulnerability in FORM authentication feature - debian/patches/CVE-2023-41080.patch: Avoid protocol relative redirects in FORM authentication - CVE-2023-41080...
Security Bulletin: Vulnerability in Axios affects IBM watsonx.data
Summary Axios is vulnerable to server-side request forgery, caused by a flaw where requests for path-relative URLs get processed as protocol-relative URLs. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack. This can affect watsonx.data...
SUSE CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...
CVE-2024-39338
A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery (SSRF) attack caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server...
GHSA-8HC4-VH64-CXMJ Server-Side Request Forgery in axios
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs...