cakephp/authentication getLoginRedirect() backslash bypass vulnerability
The `getLoginRedirect()` method had a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames.
What changed
Before the fix, `getLoginRedirect()` could be bypassed with backslashes, so a redirect target whose hostname was attacker controlled passed its check. Versions 3.3.6 and 4.1.1 fix this.
Who it affects
Applications that use cakephp/authentication at a version earlier than 3.3.6 or 4.1.1.
What to do today
Upgrade to 3.3.6 or 4.1.1; if you cannot upgrade yet, validate the redirect query string parameter in your application before using it as a redirect target.
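The reason a backslash matters: browsers parse a backslash as a forward slash in http(s) URLs, so a value such as `/\evil.example` that looks like a local path to a naive "starts with a single slash" check is treated by the browser as `//evil.example`, a protocol-relative URL to another host. The following is an added example of the application-level validation suggested above; it is not code from cakephp/authentication. The function name `isSafeLocalRedirect` and the sample inputs are this example's own constructions, and it assumes the value comes from the `redirect` query string parameter.

```php
<?php
// Added example, not cakephp/authentication's own code: validate the `redirect`
// query string parameter so only same-site absolute paths are accepted.
// The function name is hypothetical.

function isSafeLocalRedirect(string $target): bool
{
    // Reject empty values and anything containing control characters or whitespace.
    if ($target === '' || preg_match('/[\x00-\x20\x7f]/', $target)) {
        return false;
    }
    // Backslashes are the core of this bug class: browsers parse "/\evil.example"
    // the same way as "//evil.example", i.e. a protocol-relative URL to another host.
    if (strpos($target, '\\') !== false) {
        return false;
    }
    // Must be an absolute path on this site: exactly one leading "/".
    if ($target[0] !== '/' || (isset($target[1]) && $target[1] === '/')) {
        return false;
    }
    // Percent-encoded slash or backslash could be decoded into a separator
    // by something downstream, so reject those too.
    if (preg_match('/%(5c|2f)/i', $target)) {
        return false;
    }
    // Belt and braces: parse_url() must see neither a scheme nor a host.
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return false;
    }
    return true;
}

// Constructed sample inputs with the verdict each should receive.
$samples = [
    '/dashboard'           => true,
    '/users/view/1?tab=a'  => true,
    '/\\evil.example'      => false,  // backslash bypass
    '//evil.example'       => false,  // protocol-relative URL
    'https://evil.example' => false,  // absolute URL
    '/%5cevil.example'     => false,  // percent-encoded backslash
    'dashboard'            => false,  // relative path, ambiguous base
    "/\tevil"              => false,  // control character
];

foreach ($samples as $input => $expected) {
    $verdict = isSafeLocalRedirect($input) === $expected ? 'ok' : 'MISMATCH';
    printf("%-24s %s\n", var_export($input, true), $verdict);
}
```

In a CakePHP controller this check would run on the query value before it is handed to the redirect call, falling back to a fixed in-app URL (for example the dashboard route) whenever the check fails. Allow-listing same-site paths this way is simpler to reason about than trying to enumerate every host-smuggling trick, which is why the example rejects rather than rewrites suspicious input.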