commit 0997043f459ac616b594363b5b253bd0ae6ed9eb
Author: Sean Mooney <email address hidden>
Date: Mon Aug 23 15:37:48 2021 +0100
address open redirect with 3 forward slashes
Ie36401c782f023d1d5f2623732619105dc2cfa24 was intended
to address OSSA-2021-002 (CVE-2021-3654) however after its
release it was discovered that the fix only worked
for urls with 2 leading slashes or more then 4.
This change adresses the missing edgecase for 3 leading slashes
and also maintian support for rejecting 2+.
Change-Id: I95f68be76330ff09e5eabb5ef8dd9a18f5547866
co-authored-by: Matteo Pozza
Closes-Bug: #1927677
(cherry picked from commit 6fbd0b758dcac71323f3be179b1a9d1c17a4acc5)
(cherry picked from commit 47dad4836a26292e9d34e516e1525ecf00be127c)
(cherry picked from commit 9588cdbfd4649ea53d60303f2d10c5d62a070a07)
Reviewed: https:/ /review. opendev. org/c/openstack /nova/+ /806628 /opendev. org/openstack/ nova/commit/ 0997043f459ac61 6b594363b5b253b d0ae6ed9eb
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/ussuri
commit 0997043f459ac61 6b594363b5b253b d0ae6ed9eb
Author: Sean Mooney <email address hidden>
Date: Mon Aug 23 15:37:48 2021 +0100
address open redirect with 3 forward slashes
Ie36401c782 f023d1d5f262373 2619105dc2cfa24 was intended
to address OSSA-2021-002 (CVE-2021-3654) however after its
release it was discovered that the fix only worked
for urls with 2 leading slashes or more then 4.
This change adresses the missing edgecase for 3 leading slashes
and also maintian support for rejecting 2+.
Change-Id: I95f68be76330ff 09e5eabb5ef8dd9 a18f5547866 323f3be179b1a9d 1c17a4acc5) e9d34e516e1525e cf00be127c) 53d60303f2d10c5 d62a070a07)
co-authored-by: Matteo Pozza
Closes-Bug: #1927677
(cherry picked from commit 6fbd0b758dcac71
(cherry picked from commit 47dad4836a26292
(cherry picked from commit 9588cdbfd4649ea