Title: OL-Server vulnerable to DNS Rebinding attacks. · Issue #92 · open-lambda/open-lambda · GitHub
Description: The REST API spawned on port 5000 isn't validating the Host header; as such, the server is vulnerable to DNS Rebinding attacks. Impact: By tricking users into visiting a website, it will be possible to perform all REST calls on behalf o...
Opengraph URL: https://github.com/open-lambda/open-lambda/issues/92
Author: pwn1sher (https://github.com/pwn1sher)
Date Published: 2019-12-16T06:22:47.000Z
Comments: 4

The REST API spawned on port 5000 isn't validating the Host header; as such, the server is vulnerable to DNS Rebinding attacks.

Impact:
By tricking users into visiting a website, it will be possible to perform all REST calls on behalf of the user from the attacker's website, bypassing the same origin policy using DNS rebind. A few actions that the attacker can perform are invoking/running functions, reading stats, etc. There is also a /debug API, but it is currently not configured; the attacker can also invoke debug and do stuff based on the implementation of the debug functionality.
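The mitigation implied by the report is to check the Host header before routing: after a rebind the browser still sends the attacker-controlled name in Host, so an allowlist of expected names rejects the request. The Go sketch below is an added example, not OpenLambda's code; the allowlist contents, the function names, the `/example` path and the sample hostnames are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// allowedHosts is an assumed allowlist for a server meant to be reached locally.
var allowedHosts = map[string]bool{"localhost": true, "127.0.0.1": true, "::1": true}

// hostOnly normalizes a Host header value: drops the port, IPv6 brackets,
// a trailing dot, and letter case.
func hostOnly(hostport string) string {
	h := hostport
	if host, _, err := net.SplitHostPort(hostport); err == nil {
		h = host
	}
	return strings.ToLower(strings.TrimSuffix(strings.Trim(h, "[]"), "."))
}

// requireKnownHost wraps a handler and answers 403 for any Host not on the allowlist.
func requireKnownHost(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowedHosts[hostOnly(r.Host)] {
			http.Error(w, "unrecognized Host header", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a constructed request with the given Host header through
// the guarded handler and returns the HTTP status code.
func statusFor(host string) int {
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	req := httptest.NewRequest(http.MethodGet, "/example", nil) // hypothetical path
	req.Host = host
	rec := httptest.NewRecorder()
	requireKnownHost(api).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed sample Host values; the last one stands in for a rebound name.
	for _, h := range []string{"localhost:5000", "[::1]:5000", "rebind.example.test:5000"} {
		fmt.Printf("%-26s -> %d\n", h, statusFor(h))
	}
}
```

A deployment reached under other names (a LAN hostname, a reverse-proxy name) would list those names in the allowlist as well.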