MEDIUM
GHSA-hhpq-7wg4-36jm
CakePHP Authentication: Open redirect weakness via backslash bypass
Details
### Impact

The `getLoginRedirect()` method is vulnerable to a backslash bypass: because browsers treat `\` as `/` in `http(s)` URLs, a redirect value such as `/\attacker-host` passes a check that only rejects targets beginning with `//`, yet the browser follows it to an attacker-controlled hostname.

### Patches

Versions 3.3.6 and 4.1.1 contain a fix for this issue.

### Workarounds

If you are unable to upgrade, you should consider adding application-level validation of the redirect query string parameter to mitigate this vulnerability.
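One way to implement the workaround described above, as an added example rather than code from cakephp/authentication: normalise backslashes to forward slashes first, then accept only same-site paths or an absolute `https` URL on the application's own host. The function name `isSafeRedirect` and the sample inputs are constructed for this illustration.

```php
<?php
// Validate a redirect query-string parameter before using it as a target.
// Browsers treat "\" as "/" in http(s) URLs, so "/\evil.example" becomes the
// protocol-relative URL "//evil.example"; normalising first closes that gap.
function isSafeRedirect(string $target, string $allowedHost): bool
{
    $normalised = str_replace('\\', '/', $target);

    // Control characters and whitespace can hide a scheme or host; reject them.
    if (preg_match('/[\x00-\x20\x7f]/', $normalised)) {
        return false;
    }

    $parts = parse_url($normalised);
    if ($parts === false) {
        return false;
    }

    // Same-site path: no scheme, no host, exactly one leading "/" (so that
    // "//evil.example" and "/\evil.example" are both rejected).
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $path = $parts['path'] ?? '';
        return $path !== '' && $path[0] === '/' && ($path[1] ?? '') !== '/';
    }

    // Absolute URL: only https on our own host, with no userinfo such as
    // "https://app.example@evil.example".
    return ($parts['scheme'] ?? '') === 'https'
        && strcasecmp($parts['host'] ?? '', $allowedHost) === 0
        && empty($parts['user'])
        && empty($parts['pass']);
}

// Constructed sample inputs; "app.example" stands in for the real host.
$samples = [
    '/users/profile'                  => true,
    '/\evil.example'                  => false,   // backslash bypass
    '\\\\evil.example'                => false,   // "\\evil.example"
    '//evil.example'                  => false,
    'https:\\\\evil.example/login'    => false,   // "https:\\evil.example"
    'https://app.example@evil.example'=> false,
    'https://app.example/dashboard'   => true,
];
foreach ($samples as $input => $expected) {
    $ok = isSafeRedirect($input, 'app.example') === $expected ? 'ok' : 'MISMATCH';
    echo str_pad($input, 36) . ($expected ? 'allow' : 'reject') . "  $ok\n";
}
```

In a CakePHP controller the value would come from `$this->request->getQuery('redirect')` and the host from `$this->request->host()`; fall back to a fixed local path whenever the check fails.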
Affected packages

| Ecosystem | Package | Introduced in | Fixed in | Fix |
|-----------|---------|---------------|----------|-----|
| Packagist | cakephp/authentication | 0 | 3.3.6 | `composer require cakephp/authentication:^3.3.6` |
| Packagist | cakephp/authentication | 4.0.0 | 4.1.1 | `composer require cakephp/authentication:^4.1.1` |