Closed trafficone closed 1 year ago
This change modifies potentially malicious URLs with leading slashes and backslashes to ones with only a single slash, forcing them to be relative URLs.
URLs with consecutive slashes in the middle of the path are not affected.
Vulnerability details: https://security.snyk.io/vuln/SNYK-PYTHON-FLASKUSER-1293188
Description of URL Confusion Vulnerabilities: https://snyk.io/blog/url-confusion-vulnerabilities/
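The normalization described above, as an added example that is not the code from this pull request: a leading run of slashes and backslashes is collapsed to a single slash, and the rest of the path is left untouched. The function names, the sample redirect targets and the `evil.example` host are assumptions made for illustration, and `looks_like_host` is an assumed model of a lenient parser that treats a backslash like a slash.

```python
import re
from urllib.parse import urlsplit

# Names below are hypothetical; they are not taken from the pull request.
_LEADING = re.compile(r"^[/\\]+")            # leading run of '/' and '\'
_AUTHORITY_LIKE = re.compile(r"^[/\\]{2}")   # two separators: may be read as "//host"


def force_relative(url: str) -> str:
    """Collapse leading slashes/backslashes to one '/'; leave the rest alone."""
    return _LEADING.sub("/", url, count=1)


def looks_like_host(url: str) -> bool:
    """Assumed model of a lenient parser that treats '\\' like '/'."""
    return bool(_AUTHORITY_LIKE.match(url))


# Constructed sample redirect targets (evil.example is a placeholder host).
SAMPLES = [
    "//evil.example/login",
    "/\\evil.example/login",
    "\\\\evil.example/login",
    "///evil.example/login",
    "/account//settings",   # consecutive slashes mid-path: must not change
    "/account/settings",
]


def audit(samples=SAMPLES):
    """Return (raw, risky_before, normalized, risky_after, strict_netloc_after)."""
    rows = []
    for raw in samples:
        fixed = force_relative(raw)
        rows.append((raw, looks_like_host(raw), fixed,
                     looks_like_host(fixed), urlsplit(fixed).netloc))
    return rows


if __name__ == "__main__":
    for row in audit():
        print(row)
```

This covers only the leading-separator case the description names; targets that carry an explicit scheme are outside what it checks.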