The analysis of the provided patch f257ca6edb64848c3b04b54d41e347c54fe57c05 indicates that the open redirect vulnerability is located in the `handle_404` method of the `Datasette` class in `datasette/app.py`. The commit message explicitly states it is a "Fix for open redirect". The code change adds a regular expression substitution, `path = re.sub(rb"^/+", b"/", path)`, that collapses any run of leading slashes to a single slash before the redirect is built. This change sits within the logic that handles paths ending with a trailing slash. The vulnerability is triggered when a user is directed to a URL whose path begins with a double slash; the 404 handler then mishandles it and redirects to an external site (a `Location` value beginning with `//` is a protocol-relative URL, so the browser treats what follows as a hostname rather than a local path). The added test case in `tests/test_custom_pages.py` confirms this by requesting `//nastyOpenRedirect/` and asserting that the redirect location is the sanitized `/nastyOpenRedirect` rather than an external domain.
`Datasette.handle_404` (`datasette/app.py`)
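As an added illustration (not Datasette's own code), the following simplified model of the trailing-slash redirect described above toggles the patch's `re.sub` on and off and shows where a browser would resolve each resulting `Location`. The handler shape, the base URL and the helper names are assumptions.

```python
import re
from typing import Optional
from urllib.parse import urljoin

# Assumption: a simplified model of the trailing-slash redirect in the 404
# handler described above, not the project's actual implementation.

def redirect_location(path: bytes, patched: bool) -> Optional[bytes]:
    """Return the Location a trailing-slash redirect would emit, or None."""
    if patched:
        # The fix from the patch: collapse any run of leading slashes to one.
        path = re.sub(rb"^/+", b"/", path)
    if path != b"/" and path.endswith(b"/"):
        # Redirect to the same path without its trailing slash.
        return path[:-1]
    return None


def resolved_by_browser(base: str, location: bytes) -> str:
    """Where a client following Location lands, per RFC 3986 reference resolution."""
    return urljoin(base, location.decode())


def is_local_redirect(location: bytes) -> bool:
    """Defensive check: a same-origin path starts with exactly one slash."""
    return location.startswith(b"/") and not location.startswith(b"//")


if __name__ == "__main__":
    base = "https://datasette.example/"  # constructed base URL
    for patched in (False, True):
        loc = redirect_location(b"//nastyOpenRedirect/", patched)
        print(f"patched={patched} Location={loc!r} "
              f"-> {resolved_by_browser(base, loc)} local={is_local_redirect(loc)}")
```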
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| datasette | pip | < 0.65.2 | 0.65.2 |
| datasette | pip | >= 1.0a0, < 1.0a20 | 1.0a21 |