6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-0637

GHSA ID

GHSA-vg27-hr3v-3cqv

EPSS Score

0.19201%

CWE

CWE-601

Published

2/16/2022

Updated

5/22/2023

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-0637

CVE-2022-0637: open redirect in pollbot

(From https://bugzilla.mozilla.org/show_bug.cgi?id=1753838)

Summary: There was an open redirection vulnerability in the path of:

https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/

Description: An attacker can redirect anyone to malicious sites.

Steps To Reproduce: Type in this URL:

https://pollbot.services.mozilla.com/%0a/evil.com/

It redirects to that website

evil.com

evil.com was used as an example but this could be any website. Note, the /%0a/ and trailing / are required.

Supporting Material/References: https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html

Impact

Attackers can serve malicious websites that steal passwords or download ransomware to their victims machine due to a redirect and there are a heap of other attack vectors.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-0637

GHSA ID

GHSA-vg27-hr3v-3cqv

EPSS Score

0.19201%

CWE

CWE-601

Published

2/16/2022

Updated

5/22/2023

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
pollbot	pip	< 1.4.6	1.4.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from the trailing slash redirect logic in handle_404. The original code used request.path.strip('/') to sanitize paths, but failed to account for whitespace characters (like %0a). Attackers could inject URLs like /%0a/evil.com/ which, after stripping '/' but not whitespace, would resolve to evil.com. The patch explicitly adds string.whitespace to the strip() call, confirming this was the root cause. The tests added in test_views.py validate that whitespace is now stripped, further corroborating the function's role in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

(*rom *ttps://*u*zill*.mozill*.or*/s*ow_*u*.**i?i*=*******) Summ*ry: T**r* w*s *n op*n r**ir**tion vuln*r**ility in t** p*t* o*: *ttps://poll*ot.s*rvi**s.mozill*.*om/ *n* *ttps://poll*ot.st***.moz*ws.n*t/ **s*ription: *n *tt**k*r **n r**ir**t *nyo

Reasoning

T** vuln*r**ility st*mm** *rom t** tr*ilin* sl*s* r**ir**t lo*i* in **n*l*_***. T** ori*in*l *o** us** r*qu*st.p*t*.strip('/') to s*nitiz* p*t*s, *ut **il** to ***ount *or w*it*sp*** ***r**t*rs (lik* %**). *tt**k*rs *oul* inj**t URLs lik* /%**/*vil.*

6.1

Basic Information

Concerned about an active attack path?

CVE-2022-0637: open redirect in pollbot

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI