node-http-proxy

Improper Handling of Extra Parameters

Open well-monkey opened this issue 8 months ago • 0 comments

Package Manager: npm

Vulnerable module: follow-redirects

Introduced through: t, [email protected] and others

Detailed paths

Introduced through: › [email protected][email protected][email protected][email protected]

Overview

Affected versions of this package are vulnerable to Improper Handling of Extra Parameters due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

PoC

Case 1: Bypassing localhost restriction

    const url = require('url'); // legacy parser used as the fallback

    const target = 'http://[localhost]/admin';
    try {
        new URL(target); // ERROR : Invalid URL
    } catch {
        url.parse(target); // -> http://localhost/admin
    }

Case 2: Bypassing domain restriction

    const url = require('url'); // legacy parser used as the fallback

    const target = 'http://attacker.domain*.allowed.domain:a';
    try {
        new URL(target); // ERROR : Invalid URL
    } catch {
        url.parse(target); // -> http://attacker.domain/*.allowed.domain:a
    }

Remediation

Upgrade follow-redirects to version 1.15.4 or higher.

well-monkey, Mar 13 '25 07:03
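
A fail-closed target check for the two PoC cases above, added here as an example and not part of the original issue or of follow-redirects: it parses with `new URL()` only and rejects on error instead of falling back to `url.parse()`. The `checkTarget` name, the `ALLOWED_HOSTS` list and the sample inputs are assumptions for illustration.

```javascript
'use strict';

// Assumed allowlist and loopback names for this illustration.
const ALLOWED_HOSTS = ['allowed.domain'];
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

// Validate a redirect or proxy target with a single parser and fail closed.
function checkTarget(raw, allowedHosts = ALLOWED_HOSTS) {
  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    // No fallback to url.parse(): a URL the WHATWG parser rejects is refused,
    // so a second, more lenient parser never gets to pick the hostname.
    return { ok: false, reason: 'invalid-url' };
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return { ok: false, reason: 'scheme' };
  }
  const host = parsed.hostname.toLowerCase();
  if (LOOPBACK.has(host)) {
    return { ok: false, reason: 'loopback' };
  }
  // Exact match or a true subdomain; a bare substring test would also accept
  // "allowed.domain.attacker.example".
  const allowed = allowedHosts.some((h) => host === h || host.endsWith('.' + h));
  return allowed ? { ok: true, host } : { ok: false, reason: 'not-allowlisted' };
}

// Constructed sample inputs: the two PoC strings plus ordinary targets.
const samples = [
  'http://[localhost]/admin',
  'http://attacker.domain*.allowed.domain:a',
  'http://localhost/admin',
  'https://allowed.domain.attacker.example/',
  'https://api.allowed.domain/v1',
];
for (const s of samples) {
  console.log(s, JSON.stringify(checkTarget(s)));
}
```

Make the allow or deny decision on the same parsed object that is later used to build the outgoing request, so the validated hostname and the contacted hostname cannot differ.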