
Open redirect

Open Timvde opened this issue 6 years ago • 2 comments

We found an open redirect in dapperdox. Installed latest version (1.2.1) with go get.

Steps to reproduce:

  • Download and compile dapperdox
  • dapperdox --spec-dir=examples/specifications/petstore
  • Browse to http://localhost:3123//%5cexample.com

Result: http://example.com loads

Expected result: 404 page

Timvde, Dec 20 '18 12:12

I just noticed that the 1.2.1 I got from go get isn't the latest... I'll try again with 1.2.2. But it doesn't seem to be a new issue, since we originally found it in 1.1.1.

Edit: confirmed still an issue in 1.2.2.

Timvde, Dec 20 '18 12:12

I debugged this and submitted a PR to pat: https://github.com/gorilla/pat/pull/20. So far, no response yet.

Timvde, Mar 05 '19 08:03
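The reproduction steps above rely on a common router pattern: the request path is normalised (duplicate slashes and dot segments collapsed) and, when the result differs from what the client sent, the client is redirected to the cleaned form. When the path is `//%5cexample.com`, the decoded path `//\example.com` cleans to `/\example.com`, and browsers treat a Location of `/\host` like the scheme-relative `//host`, so the "redirect to the cleaned path" becomes a redirect off-site. The following is an added Go example, not dapperdox's or gorilla/pat's code, showing that normalisation step next to the check a hardened handler should apply before using a cleaned path as a redirect target; the names `cleanRequestPath`, `isLocalRedirectTarget` and `redirectDecision` and the sample paths are constructed for this illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"path"
	"strings"
)

// cleanRequestPath mirrors the normalise-then-redirect pattern used by many
// routers: collapse duplicate slashes and "." / ".." segments. It is an
// illustration written for this issue, not dapperdox's or pat's code.
func cleanRequestPath(p string) string {
	if p == "" {
		return "/"
	}
	if p[0] != '/' {
		p = "/" + p
	}
	cleaned := path.Clean(p)
	// path.Clean drops a trailing slash; keep it so /docs/ is not bounced to /docs.
	if strings.HasSuffix(p, "/") && cleaned != "/" {
		cleaned += "/"
	}
	return cleaned
}

// isLocalRedirectTarget reports whether target is safe to hand to
// http.Redirect as a same-site, path-only destination. Browsers read
// "//host" as a scheme-relative URL and most also read "/\host" the same
// way, so both prefixes are rejected, as is anything carrying a scheme.
func isLocalRedirectTarget(target string) bool {
	if !strings.HasPrefix(target, "/") {
		return false
	}
	if len(target) > 1 && (target[1] == '/' || target[1] == '\\') {
		return false
	}
	if strings.Contains(target, "://") {
		return false
	}
	return true
}

// redirectDecision returns the Location a hardened handler would emit for
// requestPath together with the status code, or an empty Location with
// 404 when the cleaned path must not be used as a redirect target.
func redirectDecision(requestPath string) (location string, status int) {
	cleaned := cleanRequestPath(requestPath)
	if cleaned == requestPath {
		return "", http.StatusOK // nothing to normalise, serve the route as-is
	}
	if !isLocalRedirectTarget(cleaned) {
		return "", http.StatusNotFound // the 404 the reporter expects
	}
	return cleaned, http.StatusMovedPermanently
}

func main() {
	// Constructed request paths: a harmless double slash inside a path, the
	// decoded form of //%5cexample.com from the report, and the plain
	// double-slash variant that cleans to an ordinary local path.
	for _, p := range []string{"/docs//index.html", "//\\example.com", "//example.com"} {
		loc, status := redirectDecision(p)
		fmt.Printf("%-20q -> status %d, location %q\n", p, status, loc)
	}
}
```

The interesting case is the second one: `path.Clean` turns `//\example.com` into `/\example.com`, which a naive handler would pass straight to `http.Redirect`; the prefix check refuses it and the request falls through to a 404 instead. The third case shows why the check is on the cleaned value rather than the raw path: `//example.com` cleans to `/example.com`, a plain local path that is safe to redirect to.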