Skip to content

Redirect URLs are not sanitized in some cases #19346

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jeremystretch opened this issue Apr 28, 2025 · 0 comments · Fixed by #19347
Closed

Redirect URLs are not sanitized in some cases #19346

jeremystretch opened this issue Apr 28, 2025 · 0 comments · Fixed by #19347
Assignees
@jeremystretch
Labels
severity: medium Results in substantial degraded or broken functionality for specfic workflows status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application
Milestone
v4.2.9

Comments

@jeremystretch
Copy link
Member

Deployment Type

Self-hosted

NetBox Version

v4.2.8

Python Version

3.10

Steps to Reproduce

There are a few instances where NetBox returns a redirect crafted from the URL specified in a request. For instance:

netbox/netbox/dcim/views.py

Line 3797 in 81dfaf0

return redirect(request.get_full_path())

Expected Behavior

These values should be validated using Django's url_has_allowed_host_and_scheme() function prior to use.

Observed Behavior

These values are passed directly to the HTTP response object.
@jeremystretch jeremystretch added status: needs triage This issue is awaiting triage by a maintainer type: bug A confirmed report of unexpected behavior in the application labels Apr 28, 2025
@jeremystretch jeremystretch self-assigned this Apr 28, 2025
@jeremystretch jeremystretch added status: accepted This issue has been accepted for implementation severity: medium Results in substantial degraded or broken functionality for specfic workflows and removed status: needs triage This issue is awaiting triage by a maintainer labels Apr 28, 2025
@jeremystretch jeremystretch mentioned this issue Apr 28, 2025
Merged
bctiemann added a commit that referenced this issue Apr 30, 2025
@bctiemann
Merge pull request #19347 from netbox-community/19346-redirect-checks
c0e6168 
Fixes #19346: Ensure all redirect URLs are validated
@jeremystretch jeremystretch added this to the v4.2.9 milestone Apr 30, 2025
@jeremystretch jeremystretch mentioned this issue Apr 30, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeremystretch jeremystretch

Labels
severity: medium Results in substantial degraded or broken functionality for specfic workflows status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application
Projects
None yet
Milestone
v4.2.9
Development

Successfully merging a pull request may close this issue.

Fixes #19346: Ensure all redirect URLs are validated netbox-community/netbox
1 participant
@jeremystretch