X-Forwarded-For does an insecure internal DNS lookup for user-provided hosts #752

@tenor-dev

Description

An attacker can put a DNS name into the X-Forwarded-For header and Ninja would do a DNS lookup of it.

The code responsible is in AbstractContext.getRemoteAddr:

                    // If ip4/6 address string handed over, simply does pattern validation.
                    InetAddress.getByName(forwardHeader);

So, contrary to the comment, getByName doesn't do a simple validation, but also does a DNS lookup if the provided value is not an IP address. This code is irrelevant and should be removed.
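The following is an added example to illustrate the report; it is not code from the Ninja project or from the issue author. It puts the behaviour being reported (calling InetAddress.getByName on the raw header value) next to a lookup-free check. The class name, method names, and the regexes are assumptions made for this example. The IPv4 branch is decided by pattern alone; the IPv6 branch only calls getByName after confirming the string contains ':' and nothing but literal characters, because a hostname can never contain ':', so the JDK then only checks literal syntax and does not query DNS.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.regex.Pattern;

public class ForwardedAddrCheck {

    // Strict dotted-quad IPv4 literal: four decimal octets in 0-255, nothing else.
    private static final Pattern IPV4 = Pattern.compile(
        "^((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)$");

    // Characters allowed in an IPv6 literal: hex digits, ':' and '.' (the latter
    // for IPv4-mapped forms such as ::ffff:203.0.113.7). '%' zone ids are
    // deliberately excluded; they name a local interface and should never be
    // accepted from a client-supplied header.
    private static final Pattern IPV6_CHARS = Pattern.compile("^[0-9a-fA-F:.]+$");

    /**
     * The reported behaviour: for an IP literal getByName only checks the format,
     * but for anything else (a hostname, or even a malformed IPv4 such as
     * "999.1.1.1") it performs a DNS lookup of the attacker-chosen string.
     */
    static boolean looksValidWithLookup(String forwardHeader) {
        try {
            InetAddress.getByName(forwardHeader); // may trigger a DNS query
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    /**
     * Lookup-free alternative (assumed design, not the project's code).
     * Returns true only for an IPv4 or IPv6 literal and never resolves names.
     */
    static boolean isIpLiteral(String forwardHeader) {
        if (forwardHeader == null || forwardHeader.isEmpty()) {
            return false;
        }
        if (IPV4.matcher(forwardHeader).matches()) {
            return true;
        }
        // Only strings that cannot be hostnames (they contain ':') reach getByName.
        if (!forwardHeader.contains(":") || !IPV6_CHARS.matcher(forwardHeader).matches()) {
            return false;
        }
        try {
            InetAddress.getByName(forwardHeader); // literal syntax check only
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    /** First hop of an X-Forwarded-For value, or null if it is not an IP literal. */
    static String firstClientAddr(String xff) {
        if (xff == null) {
            return null;
        }
        String first = xff.split(",", 2)[0].trim();
        return isIpLiteral(first) ? first : null;
    }

    public static void main(String[] args) {
        // Constructed sample header values for illustration.
        String[] samples = {
            "203.0.113.7",
            "2001:db8::1, 203.0.113.7",
            "attacker-controlled.example",   // looksValidWithLookup would resolve this
            "999.1.1.1",                     // not a literal; would also be resolved
        };
        for (String s : samples) {
            System.out.println(s + " -> " + firstClientAddr(s));
        }
    }
}
```

Whether the header should be validated at all is the point of the report (the original call serves no purpose and the report proposes removing it); the check above is only what a validation would have to look like to avoid handing attacker-controlled names to the resolver.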
