tomas / needle

Nimble, streamable HTTP client for Node.js. With proxy, iconv, cookie, deflate & multipart support.
https://www.npmjs.com/package/needle
MIT License

Fix: thirdparty site authorization header leak #386

Closed ranjit-git closed 2 years ago

ranjit-git commented 2 years ago

Bug reported to https://huntr.dev/bounties/03ac704d-6ccf-4d4b-bed3-f123f4e31dcd/. When accessing a URL with an Authorization header, if a Location redirect header with a different host is received, needle will follow this redirect and also send the Authorization header to this third-party redirect URL. You must prevent this Authorization header leak.
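The cross-host redirect described in this report, as an added example (not needle's own code): a helper that resolves the Location header against the request URL and forwards the original headers only after dropping credential-bearing ones when the redirect leaves the request's origin. The header list and the origin comparison (scheme, host and port rather than host alone, which is stricter than the host-only check the report asks for) are assumptions.

```javascript
// Added example, not needle's own code: decide which request headers may be
// forwarded when following a Location redirect, dropping credentials when the
// redirect leaves the original origin.

// Header names that must not leave the origin they were sent to (assumed list).
const CREDENTIAL_HEADERS = ['authorization', 'proxy-authorization', 'cookie'];

// Resolve a Location header (absolute or relative) against the request URL,
// as a client following the redirect would.
function resolveRedirect(requestUrl, location) {
  return new URL(location, requestUrl);
}

// True when scheme, host or port differ. Comparing the full origin (assumption)
// also catches an https -> http downgrade on the same host.
function crossOrigin(fromUrl, toUrl) {
  return new URL(fromUrl).origin !== toUrl.origin;
}

// Build the follow-up request: { url, headers, dropped }. Credential headers
// are copied only for same-origin redirects; every other header is forwarded.
// `dropped` lists the header names removed so the caller can log the event.
function headersForRedirect(requestUrl, location, headers) {
  const target = resolveRedirect(requestUrl, location);
  const leavesOrigin = crossOrigin(requestUrl, target);
  const forwarded = {};
  const dropped = [];
  for (const [name, value] of Object.entries(headers)) {
    if (leavesOrigin && CREDENTIAL_HEADERS.includes(name.toLowerCase())) {
      dropped.push(name);
      continue;
    }
    forwarded[name] = value;
  }
  return { url: target.href, headers: forwarded, dropped };
}

// Constructed sample: a 302 from api.example.com pointing at another host.
const sampleHeaders = { Authorization: 'Bearer t0k3n', Accept: 'application/json' };
const demo = headersForRedirect('https://api.example.com/v1/a', 'https://other.example.net/c', sampleHeaders);
console.log(demo.url, demo.headers, demo.dropped);
```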

ranjit-git commented 2 years ago

security fix for https://github.com/tomas/needle/issues/385

tomas commented 2 years ago

Fixed in #387

ranjit-git commented 2 years ago

@tomas Happy to secure open-source projects. Can you please mark the report as valid at https://huntr.dev/bounties/03ac704d-6ccf-4d4b-bed3-f123f4e31dcd/ so that the huntr team can assign a bounty for this report; this will help us disclose more security bugs to open-source projects responsibly. Let me know if you have any issue viewing the report. Thanks again.

tomas commented 2 years ago

Thank you for the report, but please don't force me to sign up for your service (looks great though). Feel free to mark as resolved on your end!

ranjit-git commented 2 years ago

@tomas no problem. As I am the reporter, I can't resolve the report myself, but I will ask an admin to look into this and will reference this patch commit hash.

Thanks again and sorry for the inconvenience.

tomas commented 2 years ago

Great, thanks

SxLiuYu commented 2 years ago

Fixed in #387

Hello, I tested needle 3.0.0 and 3.1.0, and this problem still exists!

tomas commented 2 years ago

That's weird. If so, please open a new issue with an example snippet so I can reproduce it.