CVE-2024-36043: Weak URL Domain indexOf Bypass
greprules fetch cve-2024-36043-weak-url-domain-indexof-bypass --engine opengrep

Description
Weak URL validation detected. Using `indexOf(...) !== -1` to check if a URL contains a specific domain or substring can be bypassed by an attacker prefixing the payload with a malicious scheme (e.g., `javascript:`) or embedding the substring in the URL path/query parameters. Ensure URL validation anchors the domain to the beginning of the URL path (such as `
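
The difference between the flagged substring check and a parsed, anchored check, as an added example (not code from the rule or from the affected project). `ALLOWED_HOST`, the function names and the sample URLs are constructed for illustration, and allowing subdomains and only `https:` are assumptions of this sketch:

```javascript
// Hypothetical allowlisted host for this sketch.
const ALLOWED_HOST = "example.com";

// Pattern the rule flags: the domain may appear anywhere in the string.
function isAllowedWeak(url) {
  return url.indexOf(ALLOWED_HOST) !== -1;
}

// Hardened form: parse first, then compare scheme and hostname exactly.
function isAllowedStrict(url) {
  let parsed;
  try {
    parsed = new URL(url); // throws on relative or malformed input
  } catch {
    return false;
  }
  // Assumption: only https links are acceptable in this context.
  if (parsed.protocol !== "https:") return false;
  const host = parsed.hostname.toLowerCase();
  // Exact host, or a subdomain of it. The leading dot keeps a different
  // domain that merely ends in the same characters from matching.
  return host === ALLOWED_HOST || host.endsWith("." + ALLOWED_HOST);
}

// Constructed inputs: two legitimate URLs, then the cases the rule
// description names (scheme prefix, substring in query, substring in path).
const SAMPLES = [
  "https://example.com/profile",
  "https://cdn.example.com/a.png",
  "javascript:alert(1)//example.com",
  "https://evil.test/?next=example.com",
  "https://evil.test/example.com",
];

// Run both checks over every sample so the results can be compared.
function compare() {
  return SAMPLES.map((url) => ({
    url,
    weak: isAllowedWeak(url),
    strict: isAllowedStrict(url),
  }));
}

console.table(compare());
```

The weak check accepts all five inputs; the parsed check accepts only the first two.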