Closed Nanmozhi22 closed 2 days ago
I will work on this issue
Internal PR has been opened and code will be updated here soon
cmctl was moved to a separate repo. The issue has been fixed there in https://github.com/cert-manager/cmctl/pull/66. Thanks for reporting the issue.
Sanitizing untrusted URLs is an important technique for preventing attacks such as request forgeries and malicious redirections. Often, this is done by checking that the host of a URL is in a set of allowed hosts.
If a regular expression implements such a check, it is easy to accidentally make the check too permissive by not escaping regular-expression meta-characters such as `.`.
Even if the check is not used in a security-critical context, the incomplete check may still cause undesirable behavior when it accidentally succeeds.
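The following Go program is an added illustration of the alert text above, not code from cert-manager or the cmctl fix. It assumes a hypothetical allow-listed host `example.com`, pairs a regexp that forgets to escape the dot (and to anchor the end of the host) with two hardened variants, and shows which URLs each one lets through.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Hypothetical allow-listed host used by all three checks below (assumption).
const allowedHost = "example.com"

// hostOf parses a URL and returns its lowercased host without the port.
// Host names are case-insensitive, so comparing the lowercased form keeps
// "EXAMPLE.com" from slipping past a check that only knows the lowercase spelling.
func hostOf(rawURL string) (string, bool) {
	u, err := url.Parse(rawURL)
	if err != nil || u.Hostname() == "" {
		return "", false
	}
	return strings.ToLower(u.Hostname()), true
}

// incompletePattern reproduces the anti-pattern the alert describes:
// the unescaped "." matches any character, so "examplexcom" passes, and the
// missing "$" anchor means "example.com.evil.test" passes as well.
var incompletePattern = regexp.MustCompile(`^(www\.)?example.com`)

func incompleteHostCheck(rawURL string) bool {
	h, ok := hostOf(rawURL)
	return ok && incompletePattern.MatchString(h)
}

// escapedPattern is the regexp form of the check done correctly: the literal
// host is escaped with regexp.QuoteMeta and the pattern is anchored at both ends.
var escapedPattern = regexp.MustCompile(`^(www\.)?` + regexp.QuoteMeta(allowedHost) + `$`)

func escapedHostCheck(rawURL string) bool {
	h, ok := hostOf(rawURL)
	return ok && escapedPattern.MatchString(h)
}

// exactHostCheck avoids the regexp altogether: parse the URL, then compare the
// host against the allow list with plain string equality. This is the simplest
// form and leaves nothing to escape.
func exactHostCheck(rawURL string) bool {
	h, ok := hostOf(rawURL)
	if !ok {
		return false
	}
	return h == allowedHost || h == "www."+allowedHost
}

func main() {
	// Constructed sample inputs: two legitimate URLs and three that abuse the
	// unescaped dot or the missing end anchor.
	samples := []string{
		"https://example.com/callback",
		"https://www.example.com/callback",
		"https://examplexcom/callback",
		"https://example.com.evil.test/callback",
		"https://evil-example.com/callback",
	}
	for _, s := range samples {
		fmt.Printf("%-40s incomplete=%-5v escaped=%-5v exact=%v\n",
			s, incompleteHostCheck(s), escapedHostCheck(s), exactHostCheck(s))
	}
}
```

Running it shows the incomplete check accepting `examplexcom` and `example.com.evil.test`, while both hardened checks accept only the two legitimate hosts. Of the two fixes, the plain string comparison is preferable when the allow list is a fixed set of names; a regexp is only worth it when the rule genuinely needs wildcard subdomains, and then `regexp.QuoteMeta` plus `^`/`$` anchors are the minimum.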