commit 9588cdbfd4649ea53d60303f2d10c5d62a070a07
Author: Sean Mooney <email address hidden>
Date: Mon Aug 23 15:37:48 2021 +0100
address open redirect with 3 forward slashes
Ie36401c782f023d1d5f2623732619105dc2cfa24 was intended
to address OSSA-2021-002 (CVE-2021-3654) however after its
release it was discovered that the fix only worked
for urls with 2 leading slashes or more then 4.
This change adresses the missing edgecase for 3 leading slashes
and also maintian support for rejecting 2+.
NOTE: conflict is due to I58b0382c86d4ef798572edb63d311e0e3e6937bb
is missing in Victoria and Ie36401c782f023d1d5f2623732619105dc2cfa24
backport contained conflicts and methods order was swapped.
Change-Id: I95f68be76330ff09e5eabb5ef8dd9a18f5547866
co-authored-by: Matteo Pozza
Closes-Bug: #1927677
(cherry picked from commit 6fbd0b758dcac71323f3be179b1a9d1c17a4acc5)
(cherry picked from commit 47dad4836a26292e9d34e516e1525ecf00be127c)
Reviewed: https:/ /review. opendev. org/c/openstack /nova/+ /806626 /opendev. org/openstack/ nova/commit/ 9588cdbfd4649ea 53d60303f2d10c5 d62a070a07
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/victoria
commit 9588cdbfd4649ea 53d60303f2d10c5 d62a070a07
Author: Sean Mooney <email address hidden>
Date: Mon Aug 23 15:37:48 2021 +0100
address open redirect with 3 forward slashes
Ie36401c782 f023d1d5f262373 2619105dc2cfa24 was intended
to address OSSA-2021-002 (CVE-2021-3654) however after its
release it was discovered that the fix only worked
for urls with 2 leading slashes or more then 4.
This change adresses the missing edgecase for 3 leading slashes
and also maintian support for rejecting 2+.
Conflicts: tests/unit/ console/ test_websocketp roxy.py
nova/
NOTE: conflict is due to I58b0382c86d4ef 798572edb63d311 e0e3e6937bb d1d5f2623732619 105dc2cfa24
is missing in Victoria and Ie36401c782f023
backport contained conflicts and methods order was swapped.
Change-Id: I95f68be76330ff 09e5eabb5ef8dd9 a18f5547866 323f3be179b1a9d 1c17a4acc5) e9d34e516e1525e cf00be127c)
co-authored-by: Matteo Pozza
Closes-Bug: #1927677
(cherry picked from commit 6fbd0b758dcac71
(cherry picked from commit 47dad4836a26292