In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for amp-html
.
amp-html is a Full site AMP Pages validator
Affected versions of this package are vulnerable to Open Redirect. The default value of the "return" parameter for the amp-access login endpoint is set to the cdn.ampproject.org "login done" page with a "url" parameter that contains the original url of the AMP page, where the canonical backend is supposed to redirect after login or logout. Once redirected, the "login done" page is immediately redirecting back to the URL from the "url" parameter which is the original AMP page from where the authentication request originated from.
The issue is that the "url" parameter is not being validated by the domain, so when the "url" parameter is manually changed to another domain, it's still being redirected to that url and not being validated.