Patch CVE-2024-43796 in reaper (#10543)

xordux · web-flow · commit eee1b275989d · 2024-09-25T15:38:22.000+05:30
diff --git a/SPECS/reaper/CVE-2024-43796.patch b/SPECS/reaper/CVE-2024-43796.patch
@@ -0,0 +1,25 @@
+From 77615000b4152081d05d16befd636c6e4274c9a4 Mon Sep 17 00:00:00 2001
+From: Rohit Rawat <xordux@gmail.com>
+Date: Wed, 25 Sep 2024 08:21:08 +0000
+Subject: [PATCH] CVE-2024-43796: don't render redirect values in anchor href
+
+---
+ src/ui/node_modules/express/lib/response.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ui/node_modules/express/lib/response.js b/src/ui/node_modules/express/lib/response.js
+index dd7b3c82..54c0c8fa 100644
+--- a/src/ui/node_modules/express/lib/response.js
++++ b/src/ui/node_modules/express/lib/response.js
+@@ -969,7 +969,7 @@ res.redirect = function redirect(url) {
+ 
+     html: function(){
+       var u = escapeHtml(address);
+-      body = '<p>' + statuses.message[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>'
++      body = '<p>' + statuses.message[status] + '. Redirecting to ' + u + '</p>'
+     },
+ 
+     default: function(){
+-- 
+2.39.4
+
diff --git a/SPECS/reaper/reaper.spec b/SPECS/reaper/reaper.spec
@@ -6,7 +6,7 @@
 Summary:        Reaper for cassandra is a tool for running Apache Cassandra repairs against single or multi-site clusters.
 Name:           reaper
 Version:        3.1.1
-Release:        11%{?dist}
+Release:        12%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -36,6 +36,7 @@ Patch0:         CVE-2024-37890.patch
 Patch1:         CVE-2023-42282.patch
 Patch2:         CVE-2017-18214.patch
 Patch3:         CVE-2024-42459.patch
+Patch4:         CVE-2024-43796.patch
 BuildRequires:  git
 BuildRequires:  javapackages-tools
 BuildRequires:  maven
@@ -172,6 +173,9 @@ fi
 %{_unitdir}/cassandra-%{name}.service
 
 %changelog
+* Wed Sep 25 2024 Rohit Rawat <rohitrawat@microsoft.com> - 3.1.1-12
+- Patch CVE-2024-43796 in express module
+
 * Tue Aug 20 2024 Cameron Baird <cameronbaird@microsoft.com> - 3.1.1-11
 - Introduce DER-signature-decoding-correction.patch to address CVE-2024-42459,
 - CVE-2024-42460, CVE-2024-42461
