3 matches found
actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects
Summary: actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs (for example, https://hostnamepath). In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing...
GHSA-VHJ5-X93P-67JW actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects
Summary: actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs (for example, https://hostnamepath). In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing...
actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects
actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs (for example, https://hostnamepath). In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing open...