# Vulnerability Reports

## November 23, 2023 - URL Rewrite

### Severity - Medium

Reported via the [Hypha Discord](https://discord.gg/CkXS83M85V), this vulnerability was discovered by [0xTeam](https://github.com/0xteam). **No user funds were directly at risk.** The vulnerability stemmed from unsanitized input in the Next.js SDK tunnel endpoint, part of the 'tunnel' feature in Sentry. It allowed an attacker to make the endpoint send HTTP requests to arbitrary URLs and reflect the response back to the user. The root cause was insufficient restriction of the 'o' query parameter, which is used to build the upstream URL: an attacker could redirect the request elsewhere and potentially have malicious scripts served to the user. The potential impact on users was significant. A malicious actor could use it to load attacker-controlled pages with scripts via the backend, enabling connections to users' Web3 wallets. This could result in unauthorized transactions, registration of fake tokens, or the rewriting of pages into false airdrop or giveaway pages to siphon user funds.

### Mitigation

The problem was mitigated by updating the Sentry Next.js plugin. To mitigate further risk in the future, Sentry is being removed from our frontend site, effective immediately. We thank 0xTeam for their responsible disclosure; an appropriate bounty will be paid.
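The class of bug above is a tunnel route that builds its upstream URL from untrusted query parameters. As an added illustration (not code from Hypha, GoGoPool or the Sentry SDK), this is the strict allowlist check such a route should apply before forwarding; it assumes the route reads `o` (org id) and `p` (project id) and accepts only all-digit values.

```javascript
// Added example, not code from Hypha, GoGoPool or the Sentry SDK.
// A Sentry-style tunnel route builds its upstream URL from request query
// parameters; this version only forwards when those parameters are all-digit
// IDs, so the upstream host can never be anything but a Sentry ingest host.
// Assumption: the route reads `o` (org id) and `p` (project id).

const SENTRY_INGEST_SUFFIX = ".ingest.sentry.io";
const ID_PATTERN = /^[0-9]{1,20}$/; // allowlist: digits only, bounded length

// Returns the upstream URL as a string, or null if the input is not acceptable.
function buildIngestUrl(query) {
  const org = query && query.o;
  const project = query && query.p;
  // Next.js may hand over an array for a repeated parameter; reject that too.
  if (typeof org !== "string" || typeof project !== "string") return null;
  if (!ID_PATTERN.test(org) || !ID_PATTERN.test(project)) return null;
  const url = new URL(`https://o${org}${SENTRY_INGEST_SUFFIX}/api/${project}/envelope/`);
  // Defence in depth: re-check the parsed host, so a future change to the
  // template cannot silently widen where requests may be sent.
  if (url.protocol !== "https:" || !url.hostname.endsWith(SENTRY_INGEST_SUFFIX)) return null;
  return url.toString();
}

// Hypothetical Next.js API-route handler: forward the raw envelope body only
// to a URL that passed the check above, and never reflect the upstream
// response body back to the browser.
async function tunnelHandler(req, res) {
  const target = buildIngestUrl(req.query);
  if (target === null) {
    res.status(400).end("invalid tunnel target");
    return;
  }
  const upstream = await fetch(target, {
    method: "POST",
    headers: { "Content-Type": "application/x-sentry-envelope" },
    body: req.body,
  });
  res.status(upstream.ok ? 200 : 502).end();
}
```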

### Links

* [Original Report](https://ethsec.blog/0xteam/7b38ea96083fe5e424c78ec63f9298c2)
* [Mitigation Commit](https://github.com/multisig-labs/app.gogopool.com/commit/33f9309a4b77373360ad052b442262e86091963b)

