CVE-2021-23385
MEDIUMFlask-Security - Open Redirect via Backslash URL Validation Bypass
Title source: llmDescription
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False. **Note:** Flask-Security is not maintained anymore.
References (4)
Core 4
Core References
Product, Third Party Advisory
https://github.com/mattupstate/flask-security
Exploit, Third Party Advisory
https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
Technical Description, Third Party Advisory
https://snyk.io/blog/url-confusion-vulnerabilities/
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/08/msg00034.html
Scores
CVSS v3
5.4
EPSS
0.0089
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (2)
flask-security_project/flask-security
pypi/Flask-Security
0PyPI
Published
Aug 02, 2022
Tracked Since
Feb 18, 2026