GMS-2022-78: Open Redirect in pollbot

February 16, 2022 (updated February 17, 2022)

There was an open redirection vulnerability in the path of https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/. Attackers can serve malicious websites that steal passwords or download ransomware to their victims machine due to a redirect and there are a heap of other attack vectors.

References

github.com/advisories/GHSA-vg27-hr3v-3cqv
github.com/mozilla/PollBot/security/advisories/GHSA-vg27-hr3v-3cqv

Code Behaviors & Features

Detect and mitigate GMS-2022-78 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →