Impact
At least one user encountered issues while attempting to download reports from the platform. The issue started on UTC-5 24-10-10 14:40 and was proactively discovered 1.9 hours later (TTD) by one of our engagement managers, who reported through our help desk [1] that an error was shown instead of the report download. The problem was resolved in 4 hours (TTF), resulting in a total window of exposure of 6 hours (WOE) [2].
Cause
The html.escape function was applied to all context variables used to render email templates, including the URL for downloading reports. This altered the URL format, adding extra characters that prevented AWS from recognizing the parameters required to download the signed file [3].
Solution
Excluding the URL field from the application of html.escape resolved the issue, ensuring that the original format of the URL was preserved and allowing AWS to correctly identify the necessary parameters for downloading the reports [4].
Conclusion
The escape function was applied to the entire context because user-input fields could not easily be distinguished from generated fields, which also made it hard to verify whether an escaped URL would still download content. To address this, types are being added to the context so that the fields requiring escaping, particularly those from user input, can be identified [5].
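As an added illustration, not code from the platform itself, the following Python shows why escaping the whole context broke the download link (html.escape turns the `&` between query parameters into `&amp;`, so the receiving service no longer sees the signed parameters) and how a typed context lets only user-input fields be escaped. The URL, parameter values, field names and the UserInput/Generated classes are constructed assumptions.

```python
import html
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample of a presigned-style download URL; the key and signature
# values are placeholders, not a real signed request.
SAMPLE_URL = (
    "https://example-bucket.s3.amazonaws.com/reports/report.pdf"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=EXAMPLEKEY%2F20241010%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Signature=0123456789abcdef"
)

@dataclass(frozen=True)
class UserInput:
    """Free text supplied by a user; must be HTML-escaped before rendering."""
    value: str

@dataclass(frozen=True)
class Generated:
    """Value produced by the application (e.g. a signed URL); rendered as-is."""
    value: str

def build_context() -> dict:
    """Constructed email-template context mixing both kinds of field."""
    return {
        "recipient": UserInput("Ana <ana@example.com>"),
        "download_url": Generated(SAMPLE_URL),
    }

def escape_everything(context: dict) -> dict:
    """The behaviour behind the incident: html.escape applied to every value."""
    return {key: html.escape(field.value) for key, field in context.items()}

def escape_user_input_only(context: dict) -> dict:
    """The fix: escape only UserInput fields; Generated fields keep their format."""
    return {
        key: html.escape(field.value) if isinstance(field, UserInput) else field.value
        for key, field in context.items()
    }

def query_params(url: str) -> dict:
    """Split the query string on '&' the way the receiving service does."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        params[name] = value
    return params
```

With the escaped-everything context, `query_params` returns keys such as `amp;X-Amz-Signature` instead of `X-Amz-Signature`, while the typed variant keeps the URL byte-for-byte and still escapes the recipient field.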