MEDIUM 6.1

GHSA-cg8c-gc2j-2wf7

Flask-Security vulnerable to Open Redirect

Details

This affects all versions of package Flask-Security. When using the `get_post_logout_redirect` and `get_post_login_redirect` functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as `\\\evil.com/path`. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using `'autocorrect_location_header=False`.

**Note:** Flask-Security is not maintained anymore.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / flask-security

Introduced in: 0

No fixed version published yet for flask-security (pip). Pin to a known-safe version or switch to an alternative.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-23385 [ADVISORY]
https://github.com/mattupstate/flask-security [PACKAGE]
https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234 [WEB]
https://snyk.io/blog/url-confusion-vulnerabilities [WEB]