Open Redirect Affecting phoenix package, versions >=1.3.0-rc.0 <1.3.0-rc.1>=1.2.0-rc.0 <1.2.3>=1.1.0 <1.1.7<1.0.5
Threat Intelligence
Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-HEX-PHOENIX-1088052
- published30 Mar 2021
- disclosed14 Mar 2017
- creditNCC Group
Introduced: 14 Mar 2017
CVE-2017-1000163 (opens in a new tab)How to fix?
Upgrade phoenix to version 1.3.0-rc.1, 1.2.3, 1.1.7, 1.0.5 or higher.
Overview
phoenix is a Phoenix is a web development framework written in Elixir which implements the server-side Model View Controller (MVC) pattern. Many of its components and concepts will seem familiar to those of us with experience in other web frameworks like Ruby on Rails or Python's Django.
Phoenix provides the best of both worlds - high developer productivity and high application performance. It also has some interesting new twists like channels for implementing realtime features and pre-compiled templates for blazing speed.
Affected versions of this package are vulnerable to Open Redirect. The Phoenix team designed Phoenix.Controller.redirect/2 to protect against redirects allowing user input to redirect to an external URL where your application code otherwise assumes a local path redirect. This is why the :to option is used for “local” URL redirects and why you must pass the :external option to intentionally allow external URLs to be redirected to.
It has been disclosed that carefully crafted user input may be treated by some browsers as an external URL. An attacker can use this vulnerability to aid in social engineering attacks. The most common use would be to create highly believable phishing attacks.
For example, the following user input would pass local URL validation, but be treated by Chrome and Firefox as external URLs: http://localhost:4000/?redirect=/\nexample.com
Not all browsers are affected, but latest Chrome and Firefox will issue a get request for example.com and successfully redirect externally.