Open Redirect Vulnerability in DataHub (BasePathRedirectFilter)
Package
datahub-frontend
Affected versions
<1.4.0.3
Patched versions
1.4.0.3
Description
Credits
-
mathiasror Reporter
mathiasror
Reporter
Impact
This is an open redirect vulnerability (CWE-601).
Patches
Yes, the vulnerability has been patched. The fix sanitizes path parameters by stripping leading forward slashes before constructing redirect URLs.
Users should upgrade to:
Version 1.4.0.3 (stable release) or later
Workarounds
References