go-chi RedirectSlashes Open Redirect Vulnerability

Vulnerability

A moderate-severity open redirect vulnerability has been identified in the go-chi/chi package, affecting versions from 5.2.2 up to, but not including, the fixed release 5.2.4. The issue lies in the RedirectSlashes middleware, which strips the trailing slash from a request path and redirects to the result without validating it. A remote attacker can craft a link on the legitimate domain whose path holds a backslash followed by an attacker-controlled host name; because browsers that follow the WHATWG URL standard treat a backslash as a forward slash, the resulting Location value is read as a protocol-relative URL pointing at the attacker's host. The victim sees a link on a trusted domain but lands on the attacker's site, which can be used for phishing or malware distribution.

Impact

Exploitation yields an open redirect: a user who follows a link on the trusted domain is sent to an attacker-controlled host, which may serve a phishing page or malware. Because the link originates on the legitimate site, the affected site's reputation may also suffer.

Reproduction

The vulnerability can be reproduced by setting up a server using the go-chi router with the RedirectSlashes middleware and requesting a path whose first segment is a backslash followed by a domain name, with a trailing slash so that the middleware fires, for example '/\evil.com/'. The server responds with a 301 redirect whose Location header carries the trimmed path, '/\evil.com'. Browsers that follow the WHATWG URL standard normalise the backslash to a forward slash, turning the value into '//evil.com', a protocol-relative URL, so the user is sent to 'evil.com'. Note that curl or Go's own net/http client keep the backslash as an ordinary path character and stay on the original host; the off-site hop only happens in a browser, which is why the raw Location header looks harmless in command-line testing.
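The following added example (not chi's code, and not part of the original advisory) reproduces the behaviour described above with only the Go standard library, so it runs offline: a constructed trailing-slash redirect middleware that mirrors the reported flaw, a `redirectsOffSite` check that approximates how a WHATWG-conformant browser reads the Location header, and a hardened variant that rejects such targets. The names `vulnerableRedirect`, `hardenedRedirect`, `redirectsOffSite` and `probe` are this example's own, and the probe paths are constructed inputs. It goes one step beyond the page's single case by also covering a leading double slash, which is off-site even without backslash normalisation.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// trimTrailingSlash drops the final "/" of the request path (keeping the
// query string), which is the core of any trailing-slash redirect middleware.
func trimTrailingSlash(r *http.Request) (string, bool) {
	p := r.URL.Path
	if len(p) <= 1 || p[len(p)-1] != '/' {
		return "", false
	}
	p = p[:len(p)-1]
	if r.URL.RawQuery != "" {
		p += "?" + r.URL.RawQuery
	}
	return p, true
}

// vulnerableRedirect redirects to the trimmed path without validation.
// Constructed here to illustrate the reported behaviour; it is not chi's code.
func vulnerableRedirect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if target, ok := trimTrailingSlash(r); ok {
			http.Redirect(w, r, target, http.StatusMovedPermanently)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// redirectsOffSite approximates how a WHATWG-conformant browser reads a
// Location value: backslashes count as forward slashes, and anything that
// then starts with "//" (or carries a scheme or host) names another origin.
func redirectsOffSite(location string) bool {
	norm := strings.ReplaceAll(location, `\`, "/")
	if strings.HasPrefix(norm, "//") {
		return true
	}
	u, err := url.Parse(norm)
	if err != nil {
		return true // fail closed on anything unparsable
	}
	return u.Scheme != "" || u.Host != ""
}

// hardenedRedirect (hypothetical name) refuses a redirect target that a
// browser could read as off-site and otherwise behaves like the vulnerable one.
func hardenedRedirect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if target, ok := trimTrailingSlash(r); ok {
			if redirectsOffSite(target) {
				http.Error(w, "invalid path", http.StatusBadRequest)
				return
			}
			http.Redirect(w, r, target, http.StatusMovedPermanently)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe runs one request through a middleware and returns the status code and
// the raw Location header, exactly as a client would receive them.
func probe(mw func(http.Handler) http.Handler, rawPath string) (int, string) {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodGet, rawPath, nil)
	rec := httptest.NewRecorder()
	mw(ok).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	// Constructed probes: the page's "\evil.com" case, a double-slash variant,
	// and two benign paths that a trailing-slash redirect must still handle.
	for _, p := range []string{`/\evil.com/`, "//evil.com/", "/users/", "/a/b/?x=1"} {
		vc, vl := probe(vulnerableRedirect, p)
		hc, hl := probe(hardenedRedirect, p)
		fmt.Printf("%-14q vulnerable: %d %-12q off-site=%-5v hardened: %d %q\n",
			p, vc, vl, redirectsOffSite(vl), hc, hl)
	}
}
```

The vulnerable variant answers `/\evil.com/` with `301` and `Location: /\evil.com`, which `redirectsOffSite` flags because a browser reads it as `//evil.com`; the hardened variant returns `400` for that path and for `//evil.com/`, while `/users/` and `/a/b/?x=1` still redirect to `/users` and `/a/b?x=1`. Rejecting with 400 rather than "fixing" the path is deliberate: a legitimate client never sends a backslash-prefixed or double-slash-prefixed path to a trailing-slash redirector, so there is nothing worth preserving.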

Remediation

Upgrade go-chi/chi to version 5.2.4 or later. Until the upgrade is deployed, an interim mitigation is to reject, in a handler placed before RedirectSlashes, any request path that contains a backslash or begins with a double slash, since no legitimate trailing-slash redirect needs either.

Added: Feb 19, 2026, 6:23 PM
Updated: Feb 19, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.1
remediation: 0.0
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.