CVE-2021-23385: URL Redirection to Untrusted Site ('Open Redirect')

October 7, 2022

This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using ‘autocorrect_location_header=False. Note: Flask-Security is not maintained anymore.

References

github.com/advisories/GHSA-cg8c-gc2j-2wf7
github.com/mattupstate/flask-security
nvd.nist.gov/vuln/detail/CVE-2021-23385
security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
snyk.io/blog/url-confusion-vulnerabilities/

Detect and mitigate CVE-2021-23385 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →