mirror of
https://github.com/HeyPuter/puter
synced 2024-11-14 22:06:00 +00:00
3f6f4bb4c0
When using axios, its dependency follow-redirects only clears authorization header during cross-domain redirect, but allows the proxy-authentication header which contains credentials too.
## Steps To Reproduce & PoC
```js
const axios = require('axios');
axios.get('http://127.0.0.1:10081/', {
headers: {
'AuThorization': 'Rear Test',
'ProXy-AuthoriZation': 'Rear Test',
'coOkie': 't=1'
}
})
.then((response) => {
console.log(response);
})
```
When I meet the cross-domain redirect, the sensitive headers like authorization and cookie are cleared, but proxy-authentication header is kept.
```diff
- removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
+ removeMatchingHeaders(/^(?:authorization|proxy-authorization|cookie)$/i, this._options.headers);
```
CWE-200
`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`
CVE-2024-28849
|
||
|---|---|---|
| .. | ||
| assets | ||
| config | ||
| doc | ||
| src | ||
| .gitignore | ||
| LICENSE | ||
| local.json5 | ||
| notalicense-license-checker-config.json | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
| rollup.config.js | ||
| run-http.json5 | ||
| run-https.json5 | ||
| run-phoenix-http.json5 | ||
| run.json5 | ||
Puter Terminal Emulator
« LIVE DEMO »
Puter.com
·
Discord
·
Reddit
·
X (Twitter)
This is a Puter-compatible pure-javascript terminal emulator built on xtermjs. It integrates with an external shell provider. We develop and test the terminal emulator alongside Puter's shell: phoenix.
The Terminal as a Whole
This terminal emulator alongside phoenix give you an AGPL-3.0-licensed pure-javascript
terminal experience which integrates with Puter's filesystem, AI services, and more.
Here are a few examples of what you can do:
ai "write me a story"txt2img "a blue computer on a cloud" > puter.pngneofetchecho $(echo "command substitution")cat example.txt | grep "find me"cat example.json | jq "name"