Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: 🐛 bug which allows host header injection vuln #103

Merged
merged 2 commits into from
Nov 1, 2024

Conversation

jaskaransarkaria
Copy link
Contributor

@jaskaransarkaria jaskaransarkaria commented Oct 31, 2024

  • the $host var uses the value passed in from the host request header opening up a host header injection vulnerability use the $server_name var instead
  • silence terminal warnings in logrotate
  • pin logrotate

closes https://github.com/orgs/ministryofjustice/projects/65/views/3?pane=issue&itemId=80388737&issue=ministryofjustice%7Ccloud-platform%7C6174

@jaskaransarkaria jaskaransarkaria force-pushed the fix-host-header-injection-vuln branch from a4ef9d3 to 784014c Compare October 31, 2024 16:47
@jaskaransarkaria jaskaransarkaria merged commit 0067542 into main Nov 1, 2024
3 checks passed
@jaskaransarkaria jaskaransarkaria deleted the fix-host-header-injection-vuln branch November 1, 2024 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant