Endpoint UnvalidatedRedirect

Unvalidated redirects occur when an application redirects a user to a destination URL specified by a user supplied parameter that is not validated. Such vulnerabilities can be used to facilitate phishing attacks.

IndexedPublic repositoryHighMedium confidenceVerifiedLGPL-3.0-onlykotlin

greprules fetch gitlab-sast-rules-lgpl-kotlin-endpoint-rule-unvalidatedredirect --engine opengrep

Description

Unvalidated redirects occur when an application redirects a user to a destination URL specified by a user supplied parameter that is not validated. Such vulnerabilities can be used to facilitate phishing attacks.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: LGPL-3.0-only
Source context: Public repository
Source: https://gitlab.com/gitlab-org/security-products/sast-rules
Validation status: Verified
Trust signals: 100 downloads
0 direct100 via packs
· 0 stars · Trust score 91How trust works
Included packs: 2 packs

Community feedback

Sign in to report false positives, mark this rule useful, or suggest metadata improvements.

Mark useful Report false positive Suggest metadata