Summary
A misconfiguration in our Fastly VCL would have allowed an attacker to cache a redirect loop for any URL. Example request:
GET /?donotpoisoneveryone=1 HTTP/1.1
Host: rubygems.org
fastly-ff: test
The Fastly-FF header is used to detect whether a request arrived from a Fastly frontend (edge) node when shielding is enabled. Because an end user can set this header themselves, a spoofed value caused our specific configuration to produce a redirect loop, and that response could then be cached for the requested URL.
Impact
This could have limited the availability of rubygems.org GET endpoints in the specific regions where a poisoned response was cached. We have not seen this issue being exploited.
Patches
We have updated our Fastly VCL to stop using the Fastly-FF header.
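The following is an added illustration of the class of fix, not the rubygems.org VCL itself. It assumes the common shielding pattern in which the VCL needs to know whether it is running on the first (edge) hop or on the shield, and it assumes the weak version keyed that decision on the presence of the Fastly-FF request header. The `X-Edge-Hop` header name is made up for the example; `fastly.ff.visits_this_service` and the `#FASTLY recv` macro are Fastly VCL.

```vcl
sub vcl_recv {
#FASTLY recv

  # Previously (weak): edge-vs-shield decided by a header the client can set.
  #   if (!req.http.Fastly-FF) { ... edge-only logic ... }
  # A client that sends "Fastly-FF: test" makes the edge node behave as if
  # the request had already passed through another Fastly node.

  # Now: ask the platform how many times this request has traversed this
  # service. 0 means this is the first (edge) hop; greater than 0 means the
  # request was forwarded from another Fastly node (the shield case). The
  # counter is maintained by Fastly, not read from client-supplied headers.
  if (fastly.ff.visits_this_service == 0) {
    # edge-only logic goes here (for example, redirect rules).
    # X-Edge-Hop is a hypothetical marker header for the illustration.
    set req.http.X-Edge-Hop = "1";
  } else {
    set req.http.X-Edge-Hop = "0";
  }

  return(lookup);
}
```

To check a deployment, send the request from the Summary twice, once with and once without the `fastly-ff` header, and confirm that the status, `Location` (if any) and cache status are identical; any difference means a client-controlled header is still steering edge-side logic.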