What/Why/How?
User can configure in redocly.yaml the `resolve.http.headers` property with a custom header which contains credentials. The hacker can find an endpoint which accepts redirects and pass to it a redirect URL to the malware website. Fetch automatically redirects to the malware website and strips only the `Authorization`, `Cookie`, `Host`, and `Proxy-Authorization` headers, so a custom token header such as `X-Api-Key` is re-sent to the redirect target. I implemented manual redirecting to check on every step if the URL matches.
Check yourself
Core code changed?
Tested with other Redocly products (internal contributions only)
New package installed?
Tested in different environments (browser/node)
Documentation update has been considered
Security
The security impact of the change has been considered
Code follows company security practices and guidelines
Note
Medium Risk
Security fix in HTTP ref resolution affects all URL fetches during bundle/resolve; behavior change for redirect chains but intended and covered by new tests.
Overview
Fixes a credential leak when resolving external OpenAPI refs over HTTP: custom headers from `resolve.http.headers` (e.g. `X-Api-Key`) could be sent to an attacker-controlled host if the initial URL returned a redirect, because fetch only strips a few standard auth headers on redirect—not user-defined ones.
`readFileFromUrl` now uses `redirect: 'manual'` and follows redirects itself (up to 20 hops). On each hop it rebuilds headers with `getMatchingHeaders` for the current URL, so secrets are only attached when the request URL still matches the configured `matches` glob—cross-origin redirect targets get no configured credentials; same-host redirects that still match keep them.
Adds focused security tests in `resolve-http.test.ts` and updates bundle/http resolve expectations to include `redirect: 'manual'`. Patch changeset for `@redocly/openapi-core`.
Reviewed by Cursor Bugbot for commit 65f8fc6.
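The mechanism described in the PR description and in the overview above (manual redirect following, headers recomputed from the `matches` glob on every hop, a 20-hop cap) can be shown end to end with a small stand-alone script. This is an added example and not code from @redocly/openapi-core: the function and rule names (`fetchWithScopedHeaders`, `getMatchingHeaders`, the `matches`/`name`/`value` rule shape), the glob-to-regex helper, the host names, the API key value and the in-memory fake server are all constructed for the example. The real `fetch` is replaced by an injected `fetchImpl` so the script runs offline; the point it makes is that a cross-origin `Location` receives none of the configured credentials, while a same-host hop that still matches the glob keeps them, and a redirect loop is cut off at the hop limit instead of spinning forever.

```javascript
// Added example, not code from @redocly/openapi-core: manual redirect
// following that re-evaluates which configured headers to attach on every hop.
// A default fetch() (redirect: 'follow') would re-send a custom header such as
// X-Api-Key to whatever host the Location header points at.

const MAX_REDIRECTS = 20;

// Minimal glob -> RegExp: '*' (or '**') matches any run of characters,
// '?' matches one. Assumption: rules use the same matches/name/value shape
// as redocly.yaml's resolve.http.headers entries.
function globToRegExp(glob) {
  const escaped = glob
    .replace(/[.+^${}()|[\]\\]/g, '\\$&') // escape regex metacharacters
    .replace(/\*+/g, '.*')                // '*' or '**' -> wildcard
    .replace(/\?/g, '.');
  return new RegExp(`^${escaped}$`);
}

// Returns only the headers whose `matches` glob covers this exact URL.
function getMatchingHeaders(url, rules) {
  const headers = {};
  for (const rule of rules) {
    if (globToRegExp(rule.matches).test(url)) headers[rule.name] = rule.value;
  }
  return headers;
}

// fetchImpl is injected so the example runs offline; it must honour
// redirect: 'manual', i.e. hand back 3xx responses instead of following them.
async function fetchWithScopedHeaders(url, rules, fetchImpl) {
  const hops = [];
  let current = url;
  for (let attempt = 0; attempt <= MAX_REDIRECTS; attempt++) {
    // Recomputed from scratch on every hop: nothing carries over from the
    // previous request, so a cross-origin Location gets only what its own URL matches.
    const headers = getMatchingHeaders(current, rules);
    hops.push({ url: current, headers });
    const res = await fetchImpl(current, { headers, redirect: 'manual' });
    if (res.status >= 300 && res.status < 400) {
      const location = res.headers.get('location');
      if (!location) throw new Error(`Redirect without Location from ${current}`);
      current = new URL(location, current).toString(); // resolves relative Locations
      continue;
    }
    if (res.status < 200 || res.status >= 300) {
      throw new Error(`HTTP ${res.status} fetching ${current}`);
    }
    return { finalUrl: current, body: await res.text(), hops };
  }
  throw new Error(`Too many redirects (more than ${MAX_REDIRECTS}) starting at ${url}`);
}

// Constructed in-memory "server": a same-host hop, then a cross-origin hop,
// plus a self-redirecting URL to exercise the hop limit. Not real hosts.
const fakeRoutes = {
  'https://api.example.com/specs/pets.yaml': { status: 302, location: '/v2/pets.yaml' },
  'https://api.example.com/v2/pets.yaml': { status: 302, location: 'https://other-host.example.net/pets.yaml' },
  'https://other-host.example.net/pets.yaml': { status: 200, body: 'openapi: 3.0.0\n' },
  'https://api.example.com/loop': { status: 302, location: '/loop' },
};

async function fakeFetch(url, init) {
  if (init.redirect !== 'manual') throw new Error('example expects redirect: manual');
  const route = fakeRoutes[url] || { status: 404 };
  return {
    status: route.status,
    headers: { get: (name) => (name.toLowerCase() === 'location' ? (route.location ?? null) : null) },
    text: async () => route.body || '',
  };
}

// Constructed rule: the (fake) secret is scoped to api.example.com only.
const rules = [
  { matches: 'https://api.example.com/**', name: 'X-Api-Key', value: 'constructed-example-key' },
];

function runExample() {
  return fetchWithScopedHeaders('https://api.example.com/specs/pets.yaml', rules, fakeFetch);
}

runExample().then((r) => {
  for (const hop of r.hops) console.log(hop.url, '->', JSON.stringify(hop.headers));
  console.log('final:', r.finalUrl);
});
```

Running it prints one line per hop: the first two requests to api.example.com carry `X-Api-Key`, the third request to other-host.example.net carries an empty header set, and the final URL is the cross-origin target. The same loop rejects `https://api.example.com/loop` with a "Too many redirects" error after 21 requests.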
Sorry, @thegr1ffyn, but we do not add links to the reporter in our changelog (you can check our changelog and see we never did it).
I am happy to mention you at x.com though.
Both fixes are merged and released (#2881 in v2.33.0, #2891 as well). @DmitryAnansky confirmed here that a CVE would be created and an update posted once published, and @kanoru3101 offered to file a GitHub Advisory on #2891. I'd like to help close this out.
If you can publish the GHSAs via Security → Advisories → New draft advisory (and request a CVE after publish) and add me (@thegr1ffyn) in Credits. The PoC and advisory content is already shared via email. If it's easier for me to request the CVEs through MITRE's process instead, just say the word and I'll proceed that way so these get identifiers either way. Thanks!