fast-uri's normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, a percent-encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URI's authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later.
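The following is an added example and not fast-uri's code: a constructed stand-in reproduces the flawed behaviour described above (percent-decoding the authority and re-emitting it unescaped), and a guard wrapper shows the check an application can apply around any normalizer, rejecting output whose authority gained raw delimiters. The hostnames are reserved example names chosen for the demonstration.

```javascript
// Added example, not fast-uri's code. Constructed stand-in for the flawed
// behaviour described above: it percent-decodes the whole authority and
// re-emits the decoded bytes unescaped, so "%40" becomes a raw "@".
function flawedNormalize(uri) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/?#]*)([\s\S]*)$/i.exec(uri);
  if (!m) return uri;
  const [, scheme, authority, rest] = m;
  return `${scheme.toLowerCase()}://${decodeURIComponent(authority)}${rest}`;
}

// RFC 3986 style authority extraction without any percent-decoding.
function authorityOf(uri) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^/?#]*)/i.exec(uri);
  return m ? m[1] : "";
}

function countChar(s, ch) {
  return s.split(ch).length - 1;
}

// Defensive wrapper: run the normalizer, then refuse the result if its
// authority contains more raw delimiters than the input's did. A delimiter
// that exists only after normalization came from a percent-encoded byte and
// changes how the authority splits into userinfo, host and port.
// Returns the normalized URI, or null when the result is rejected.
function guardedNormalize(uri, normalize) {
  const before = authorityOf(uri);
  const out = normalize(uri);
  const after = authorityOf(out);
  for (const d of ["@", ":", "[", "]"]) {
    if (countChar(after, d) > countChar(before, d)) return null;
  }
  return out;
}

// Effective host of a URI as a browser or Node's WHATWG URL parser sees it,
// i.e. where a redirect or outbound request would actually go.
function effectiveHost(uri) {
  return new URL(uri).hostname;
}

// Constructed inputs using reserved example names.
const crafted = "https://allowed.example%40other.example/callback";
const benign = "https://ex%61mple.example/callback";

console.log(effectiveHost(flawedNormalize(crafted)));    // other.example
console.log(guardedNormalize(crafted, flawedNormalize)); // null
console.log(guardedNormalize(benign, flawedNormalize));  // https://example.example/callback
```

The benign case shows the guard still accepts normalization that decodes non-delimiter bytes; only a change in how the authority splits is refused.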
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fast-uri | Openjsf | * | 3.1.2 (excluding) |
| Multicluster engine for Kubernetes 2.11 | RedHat | multicluster-engine/console-mce-rhel9:1780910888 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.16 | RedHat | rhacm2/console-rhel9:1780600823 | * |
| Red Hat Developer Hub 1.9 | RedHat | rhdh/rhdh-hub-rhel9:1781187342 | * |
| Red Hat Satellite 6.18 | RedHat | satellite/iop-vulnerability-frontend-rhel9:1781032495 | * |