Skip to content

fix(auth): Fix improper regex during auth that can lead to SSRF #6144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(auth): Fix improper regex during auth that can lead to SSRF #6144

wants to merge 1 commit into from

Conversation

j-luong
Copy link
Contributor

@j-luong j-luong commented Aug 29, 2025
edited
Loading

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages
    are release-note ready, emphasizing
    what was changed, not how.
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)
  • Includes product update to be announced in the next stable release notes

What does this PR do?

Updates GAF to address an improper regex check during the authentication flow which can lead to an SSRF vulnerability

Where should the reviewer start?

How should this be manually tested?

What's the product update that needs to be communicated to CLI users?

fix(auth): Addresses an improper regex check that can lead to an SSRF vulnerability

@snyk-io Snyk.io
Copy link

snyk-io bot commented Aug 29, 2025
edited
Loading

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

code/snyk check is complete. No issues have been found. (View Details)

@j-luong j-luong marked this pull request as ready for review August 29, 2025 11:17
@j-luong j-luong requested review from a team as code owners August 29, 2025 11:17
cursor[bot]

This comment was marked as outdated.

Sign in to view

@j-luong j-luong force-pushed the fix/cli-830_improperRegexSSRF branch from 06bcc93 to 9b616f0 Compare August 29, 2025 11:36
@j-luong j-luong force-pushed the fix/cli-830_improperRegexSSRF branch from 9b616f0 to 0fd8d94 Compare August 29, 2025 11:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@j-luong