sohutv / cachecloud

Sohu TV's Redis private cloud platform: supports efficient management of multiple Redis architectures (Standalone, Sentinel, Cluster), effectively lowers the operations cost of large-scale Redis deployments, and improves resource control and utilization. The platform provides rapid setup/migration, operations management, elastic scaling, statistics and monitoring, client integration and access, and other functions. (CacheCloud is a Redis cloud management platform. It supports Standalone, Sentinel, and Cluster architectures for Redis, effectively reducing large-scale Redis operation and maintenance costs, and improving resource management and utilization. The platform provides rapid construction/migration, operation and maintenance management, elastic scaling, statistical monitoring, client integration and access and other functions)
http://cachecloud.github.io/
Apache License 2.0
8.9k stars 2.04k forks

Open Redirect #264

Closed QiAnXinCodeSafe closed 2 years ago

QiAnXinCodeSafe commented 3 years ago

https://github.com/sohutv/cachecloud/blob/f9dfc98eadcfd7d56821852ece0c73d14cb171e1/cachecloud-web/src/main/java/com/sohu/cache/web/controller/IndexController.java#L25-L32

Allowing unvalidated input to control the URL used in a redirect can aid phishing attacks.

In line 25, 'redirectUrl' is regarded as tainted data; it will affect line 32.
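The defensive pattern for the class of issue reported above is to never hand a user-controlled value straight to the redirect, but to resolve it against a policy first: accept only a same-origin absolute path, or an https URL whose host is on an explicit allowlist, and fall back to a safe default for anything else. The helper below is an added illustration, not code from the CacheCloud project; the class name `SafeRedirect`, the `ALLOWED_HOSTS` entry and the `DEFAULT_TARGET` value are assumptions, and it requires Java 11 or later (`Set.of`, `String.isBlank`).

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

/**
 * Hypothetical helper (not part of CacheCloud) that turns an untrusted
 * "redirectUrl" request parameter into a redirect target that stays on
 * this site or on an explicitly allowlisted https host.
 */
public final class SafeRedirect {

    // Where to send the user when the supplied target is rejected (assumed value).
    private static final String DEFAULT_TARGET = "/";

    // External hosts this deployment is willing to redirect to (assumed value).
    private static final Set<String> ALLOWED_HOSTS = Set.of("cachecloud.example.com");

    private SafeRedirect() {}

    /** Returns a safe redirect target derived from the untrusted input. */
    public static String resolve(String redirectUrl) {
        if (redirectUrl == null || redirectUrl.isBlank()) {
            return DEFAULT_TARGET;
        }
        // Control characters (including CR/LF) have no place in a Location header.
        for (char c : redirectUrl.toCharArray()) {
            if (c < 0x20 || c == 0x7f) {
                return DEFAULT_TARGET;
            }
        }
        URI uri;
        try {
            uri = new URI(redirectUrl);   // rejects backslashes and other illegal characters
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }

        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            // Relative reference. "//host/..." parses with an authority and so never
            // reaches this branch; here we additionally require an absolute path.
            String path = uri.getRawPath();
            if (path != null && path.startsWith("/") && !path.startsWith("//")) {
                return redirectUrl;
            }
            return DEFAULT_TARGET;
        }

        // Absolute URL: only https, no userinfo tricks, and the host must be allowlisted.
        String host = uri.getHost();
        if ("https".equalsIgnoreCase(uri.getScheme())
                && host != null
                && uri.getRawUserInfo() == null
                && ALLOWED_HOSTS.contains(host.toLowerCase())) {
            return redirectUrl;
        }
        return DEFAULT_TARGET;
    }

    // Constructed sample inputs showing which targets are kept and which fall back.
    public static void main(String[] args) {
        String[] samples = {
            "/admin/app/list",                       // kept: same-origin absolute path
            "/app?id=1#top",                         // kept: query and fragment are fine
            "https://cachecloud.example.com/login",  // kept: allowlisted https host
            "//attacker.example/",                   // rejected: protocol-relative
            "/\\attacker.example/",                  // rejected: URISyntaxException
            "http://cachecloud.example.com/",        // rejected: not https
            "https://user@attacker.example/",        // rejected: host not allowlisted
            "javascript:alert(1)",                   // rejected: non-https scheme
            "relative/path",                         // rejected: not an absolute path
            "/ok\r\nSet-Cookie: x=y",                // rejected: control characters
            ""                                       // rejected: blank -> default
        };
        for (String s : samples) {
            System.out.printf("%-40s -> %s%n", s.replace("\r", "\\r").replace("\n", "\\n"), resolve(s));
        }
    }
}
```

A Spring MVC controller would then build its view name as `"redirect:" + SafeRedirect.resolve(redirectUrl)` (an assumed call site, not the project's) so that whatever the parameter contains, the browser is only ever sent to a path on this site or to an allowlisted host. The same check is worth applying whether or not the request has already passed an authentication interceptor, since a logged-in user can still be redirected.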

githubname1024 commented 2 years ago

There is a login and auth check interceptor in the project, so ignore this.