How the CVE Works
The vulnerability exists in the `RedirectSlashes` middleware of go-chi (v5.2.1). The function constructs a redirect URL using the `Host` header from incoming HTTP requests without proper validation (line 55 in middleware/strip.go). An attacker can manipulate the `Host` header to force a redirect to an arbitrary domain, leading to an open redirect. This occurs because the middleware trusts user-supplied `Host` headers when building the `Location` header for HTTP redirects.
DailyCVE Form
Platform: go-chi
Version: v5.2.1
Vulnerability: Host header injection
Severity: Medium
Date: 2023-05-15
Prediction: Patch by 2023-06-10
What Undercode Say
Analytics:
curl -iL -H "Host: attacker.com" http://victim:8080/test/
r.Use(middleware.RedirectSlashes) // Vulnerable middleware
How Exploit
1. Attacker crafts malicious `Host` header.
2. Victim visits manipulated URL.
3. Server redirects to attacker-controlled domain.
Protection from this CVE
- Use `r.RequestURI` instead of `Host`.
- Validate `Host` headers against allowlist.
- Disable `RedirectSlashes` if unused.
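The first two mitigations above, sketched with the standard library only. This is an added example, not go-chi's code or its patch: `RequireKnownHost`, `RedirectSlashesRelative`, `Probe` and the host `app.example.test` are hypothetical names, and the redirect is built from `r.URL.Path` so the `Host` header never reaches `Location`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed allowlist; list the host names this service really answers for.
var allowedHosts = map[string]bool{"app.example.test": true}

// RequireKnownHost rejects any request whose Host header is not allowlisted.
func RequireKnownHost(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowedHosts[strings.ToLower(r.Host)] {
			http.Error(w, "unknown host", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// RedirectSlashesRelative strips a trailing slash with a path-only Location
// (query handling omitted). Trimming all leading slashes keeps
// "//other.example/" from turning into a scheme-relative redirect.
func RedirectSlashesRelative(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if p := r.URL.Path; len(p) > 1 && strings.HasSuffix(p, "/") {
			http.Redirect(w, r, "/"+strings.Trim(p, "/"), http.StatusMovedPermanently)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one GET with the given Host header and returns status and Location.
func Probe(h http.Handler, host, path string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Host = host
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	h := RequireKnownHost(RedirectSlashesRelative(http.NotFoundHandler()))
	fmt.Println(Probe(h, "app.example.test", "/test/")) // allowlisted host
	fmt.Println(Probe(h, "attacker.com", "/test/"))     // host from the page's curl line
}
```

With both layers in place, the unknown host is refused before any redirect is built, and the redirect that is issued carries no host at all.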
Impact
- Phishing attacks
- Credential theft
- Malware distribution
Sources:
Reported By: github.com