CVE-2025-64481
BaseFortify
Publication date: 2025-11-07
Last updated on: 2025-11-12
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| simonw | datasette | 0.65.2 |
| simonw | datasette | 1.0a0 |
| simonw | datasette | 1.0a21 |
| simonw | datasette | 1.0a19 |
| simonw | datasette | 0.65.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an open redirect issue in Datasette versions 0.65.1 and below and 1.0a0 through 1.0a19. When a user requests a URL path that begins with a double slash (//) and ends with a trailing slash, the application redirects to the same path without the trailing slash; because that target still begins with //, the redirect can send the user to an unintended location rather than a single-slash path on the same site. This behavior can be exploited to redirect users to malicious sites. The issue has been fixed in Datasette versions 0.65.2 and 1.0a21.
How can this vulnerability impact me?
The open redirect vulnerability can be exploited by attackers to redirect users to malicious websites, potentially leading to phishing attacks or other social engineering exploits. While the CVSS score is 0.0, indicating no direct impact on confidentiality, integrity, or availability, the vulnerability can still be used to trick users and compromise their trust.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking whether your Datasette instance redirects requests whose path starts with a double slash (//) and ends with a trailing slash to a URL that leaves your host. For example, sending a request to a path like //example.com/foo/bar/ and observing that it redirects to https://example.com/foo/bar indicates the presence of the vulnerability. A simple way to test this is with curl: run curl -I http://your-datasette-instance//foo/bar/ and inspect the Location header in the response; a value that begins with // (a protocol-relative URL) or names a different host is the indicator.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade Datasette to version 0.65.2 or later, or 1.0a21 or later where the issue is patched. If upgrading is not possible immediately, configure the proxy in front of Datasette to replace double slashes (//) with a single slash (/) in incoming request URLs to prevent the open redirect behavior.
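The three answers above describe the flawed trailing-slash redirect, how to recognise it from the Location header, and the slash-collapsing workaround. The following added example (written for this page, not Datasette's own code) models each of those in Python: a deliberately flawed redirect builder that reproduces the reported behaviour, a hardened builder that normalises leading slashes, and a classifier for Location values that tells an on-origin redirect from one that leaves the host. The host name and paths are constructed sample values.

```python
from typing import Optional
from urllib.parse import urlsplit


def flawed_trailing_slash_redirect(path: str) -> Optional[str]:
    """Model of the behaviour the advisory describes (illustrative, not Datasette's code).

    A path ending in '/' is redirected to the same path with the trailing slash
    removed, using plain string manipulation. A request path that begins with '//'
    therefore yields a Location value that also begins with '//', which browsers
    interpret as a protocol-relative URL (scheme omitted, host supplied).
    """
    if path != "/" and path.endswith("/"):
        return path.rstrip("/")
    return None  # no redirect needed


def hardened_trailing_slash_redirect(path: str) -> Optional[str]:
    """Same redirect, but any run of leading slashes is collapsed to exactly one
    before the Location value is built, so the target is always a same-origin path.
    This mirrors the proxy-side workaround of rewriting '//' to '/'."""
    if path != "/" and path.endswith("/"):
        target = path.rstrip("/")
        return "/" + target.lstrip("/")
    return None


def redirect_leaves_origin(location: str, own_host: str) -> bool:
    """Classify a Location header value for the detection check described above.

    A path-only Location (no network location) stays on the current origin.
    Protocol-relative ('//host/...') and absolute URLs carry a host, and are
    flagged when that host differs from the instance's own host.
    """
    parts = urlsplit(location)
    if parts.netloc == "":
        return False
    return parts.netloc.lower() != own_host.lower()


if __name__ == "__main__":
    # Constructed sample: the probe path from the advisory against a hypothetical host.
    own_host = "datasette.example.internal"
    probe = "//example.com/foo/bar/"
    for label, builder in (("flawed", flawed_trailing_slash_redirect),
                           ("hardened", hardened_trailing_slash_redirect)):
        loc = builder(probe)
        verdict = "LEAVES ORIGIN" if redirect_leaves_origin(loc, own_host) else "same origin"
        print(f"{label:8s} Location: {loc!r:30s} -> {verdict}")
```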