Beware of Malicious Actors Hijacking Requests in TrueLayer.NET SDK

CVE: CVE-2024-23838
CVSS (v3.0): 8.6
Source: CVE-2024-23838

TrueLayer.NET is a popular .NET client library used for integrating payment functionality into applications. According to security researchers, a vulnerability has been discovered in older versions of this library that could allow malicious actors to hijack HTTP requests.

The vulnerability resides in the way the TrueLayer.NET SDK handles HTTP requests through the HttpClient class. By exploiting this, attackers may be able to redirect requests to unexpected destinations on local networks or the internet. This could reveal sensitive user information if applications are not properly configured with security restrictions.

While newer versions have addressed this issue, applications using older versions of TrueLayer.Client prior to v1.6.0 are still at risk. The main attack scenario involves an actor gaining control of the destination URL for outgoing API requests through user-supplied input. They can then redirect traffic to harvest data or perform unauthorized actions.

To protect yourself, update your TrueLayer.NET integration to the latest version. You should also validate any input that can influence a request URL and restrict outgoing HTTP requests to an allowlist of approved internal or external endpoints. Strict egress rules at the network level limit how far traffic can be misdirected even if a vulnerable version remains in use.
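The following is an added example, not code from TrueLayer or its SDK, showing the application-side allowlist gate described above: any URL that user input can influence is validated before it reaches `HttpClient`, and the client is built with automatic redirects disabled so an approved destination cannot silently forward the request elsewhere. The hostnames in `AllowedHosts` and the sample inputs are constructed placeholders, and `OutboundUriPolicy` / `SafeHttpClientFactory` are hypothetical names chosen for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

// Added example (not TrueLayer's code): an allowlist gate applied to any
// URI that may be influenced by user-supplied input before it reaches HttpClient.
public static class OutboundUriPolicy
{
    // Hypothetical allowlist of hosts the application is permitted to call.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "api.example-payments.invalid",   // placeholder, not a real endpoint
            "auth.example-payments.invalid",  // placeholder, not a real endpoint
        };

    // Returns true only if the candidate is an absolute HTTPS URL on the default
    // port, carries no userinfo, uses a DNS name (not a literal IP, which could
    // point at loopback or private ranges), and that name is on the allowlist.
    public static bool TryValidate(string candidate, out Uri? validated)
    {
        validated = null;

        if (!Uri.TryCreate(candidate, UriKind.Absolute, out var uri))
            return false;

        if (uri.Scheme != Uri.UriSchemeHttps)
            return false;

        // "https://allowed-host@evil.example/" parses with allowed-host as
        // UserInfo and evil.example as Host; reject userinfo outright.
        if (!string.IsNullOrEmpty(uri.UserInfo) || !uri.IsDefaultPort)
            return false;

        // Literal IPv4/IPv6 hosts never pass, regardless of the allowlist.
        if (uri.HostNameType != UriHostNameType.Dns)
            return false;

        if (!AllowedHosts.Contains(uri.Host))
            return false;

        validated = uri;
        return true;
    }
}

public static class SafeHttpClientFactory
{
    // Redirects are a common way to turn an allowed destination into a
    // disallowed one, so auto-follow is off; a 3xx response is returned to
    // the caller instead of being followed transparently.
    public static HttpClient Create()
    {
        var handler = new HttpClientHandler
        {
            AllowAutoRedirect = false,
            UseProxy = false,
        };
        return new HttpClient(handler) { Timeout = TimeSpan.FromSeconds(10) };
    }
}

public static class Demo
{
    public static async Task Main()
    {
        // Constructed inputs: the first resembles an approved endpoint; the rest
        // are the shapes of value a request-hijacking attempt would supply.
        string[] samples =
        {
            "https://api.example-payments.invalid/v3/payments",
            "http://api.example-payments.invalid/v3/payments",
            "https://127.0.0.1/admin",
            "https://api.example-payments.invalid@evil.invalid/",
            "https://evil.invalid/capture",
        };

        using var client = SafeHttpClientFactory.Create();
        foreach (var s in samples)
        {
            if (!OutboundUriPolicy.TryValidate(s, out var uri))
            {
                Console.WriteLine($"BLOCKED  {s}");
                continue;
            }
            Console.WriteLine($"ALLOWED  {uri}");
            // The real call is left commented out so the sample runs offline;
            // in an application the validated URI is what gets sent.
            // using var response = await client.GetAsync(uri);
        }
        await Task.CompletedTask;
    }
}
```

Running the sample prints `ALLOWED` for the first input and `BLOCKED` for the other four (plain HTTP, a loopback IP literal, a userinfo trick whose real host is `evil.invalid`, and an unlisted host). The allowlist check on `uri.Host` is deliberately exact-match rather than suffix-based, since suffix matching is the usual way such gates are bypassed; pair it with network egress rules so the policy holds even for code paths that never call this helper.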

Staying on top of library and dependency updates is important for security. This incident serves as a reminder for developers to keep an eye out for vulnerabilities in third-party components and take steps to minimize risks for users.
