cert-manager / cert-manager

Automatically provision and manage TLS certificates in Kubernetes
https://cert-manager.io
Apache License 2.0
11.54k stars, 2.02k forks

Incomplete regular expression for hostnames #6976

Closed Nanmozhi22 closed 2 days ago

Nanmozhi22 commented 2 weeks ago

Sanitizing untrusted URLs is an important technique for preventing attacks such as request forgeries and malicious redirections. Often, this is done by checking that the host of a URL is in a set of allowed hosts.

If a regular expression implements such a check, it is easy to accidentally make the check too permissive by not escaping regular-expression meta-characters such as `.`.

Even if the check is not used in a security-critical context, the incomplete check may still cause undesirable behavior when it accidentally succeeds.
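As an added illustration of the two failure modes described in the report (an unescaped `.` and a missing `^`/`$` anchor), not code from cert-manager, cmctl or the linked PR: the constructed allow-list, sample URLs and function names below are assumptions made for this example. The flawed pattern is kept beside the escaped and anchored one so the difference on each URL is visible, and both checks run on the parsed host rather than the raw URL string.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Constructed allow-list for the example; not a cert-manager or cmctl value.
var allowedHosts = []string{"example.com", "example.org"}

// permissivePattern mirrors the mistake described in the issue: the hosts are
// joined into a regexp without escaping, so each "." matches any character,
// and with no ^/$ anchors a match anywhere inside the host is enough.
var permissivePattern = regexp.MustCompile(strings.Join(allowedHosts, "|"))

// strictPattern escapes every meta-character with regexp.QuoteMeta and anchors
// the expression so the whole host must be one of the allowed names (or a
// subdomain of one, which is a deliberate policy choice for this example).
var strictPattern = regexp.MustCompile(
	`^(?:[a-z0-9-]+\.)*(?:` + quoteAll(allowedHosts) + `)$`)

func quoteAll(hosts []string) string {
	quoted := make([]string, len(hosts))
	for i, h := range hosts {
		quoted[i] = regexp.QuoteMeta(strings.ToLower(h))
	}
	return strings.Join(quoted, "|")
}

// hostOf extracts the lowercased host name of an absolute URL. The check must
// run on the parsed host, not the raw string; otherwise an allowed name in the
// path or query string would satisfy the regexp.
func hostOf(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	if u.Hostname() == "" {
		return "", fmt.Errorf("no host in %q", rawURL)
	}
	return strings.ToLower(u.Hostname()), nil
}

// HostAllowedPermissive applies the flawed pattern (the "before" of the fix).
func HostAllowedPermissive(rawURL string) (bool, error) {
	h, err := hostOf(rawURL)
	if err != nil {
		return false, err
	}
	return permissivePattern.MatchString(h), nil
}

// HostAllowedStrict applies the escaped and anchored pattern.
func HostAllowedStrict(rawURL string) (bool, error) {
	h, err := hostOf(rawURL)
	if err != nil {
		return false, err
	}
	return strictPattern.MatchString(h), nil
}

func main() {
	// Constructed sample URLs: two legitimate hosts, one per bypass of the
	// flawed pattern, and one where the allowed name only appears in the query.
	for _, raw := range []string{
		"https://example.com/login",
		"https://api.example.org/v1",
		"https://exampleXcom/login",
		"https://example.com.attacker.test/login",
		"https://attacker.test/?next=example.com",
	} {
		p, _ := HostAllowedPermissive(raw)
		s, _ := HostAllowedStrict(raw)
		fmt.Printf("%-45s permissive=%-5v strict=%v\n", raw, p, s)
	}
}
```

Running `main` prints one line per URL; the third and fourth URLs are accepted by the permissive check and rejected by the strict one, which is exactly the gap the report describes. The last URL is rejected by both because the comparison is made against the parsed host, which is the other half of a correct allow-list check.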

Nanmozhi22 commented 2 weeks ago

I will work on this issue

Nanmozhi22 commented 2 weeks ago

Internal PR has been opened and code will be updated here soon

inteon commented 2 days ago

cmctl was moved to a separate repo. The issue has been fixed there in https://github.com/cert-manager/cmctl/pull/66. Thanks for reporting the issue.