CVE-2021-23385
published 2022-08-02CVE-2021-23385: This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass…
PriorityP430medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.90%
55.0th percentile
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False. **Note:** Flask-Security is not maintained anymore.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | flask-security | < flask-security 5.0.2-1 (bookworm) | flask-security 5.0.2-1 (bookworm) |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM
vendor_debian5.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Flask-Security vulnerability
vendor_ubuntu·2024-05-28
CVE-2021-23385 Flask-Security vulnerability
Title: Flask-Security vulnerability
Summary: Flask-Security could be made to bypass URL validation and redirect to arbitary URL.
Naom Moshe discovered that Flask-Security incorrectly validated URLs. An attacker could use this issue to redirect users to arbitrary URLs.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2021-23385: flask-security - This affects all versions of package Flask-Security. When using the get_post_log...
vendor_debian·2021·CVSS 5.4
CVE-2021-23385 [MEDIUM] CVE-2021-23385: flask-security - This affects all versions of package Flask-Security. When using the get_post_log...
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False. **Note:** Flask-Security is not maintained anymore.
Scope: local
bookworm: resolved (fixed in 5.0.2-1)
bullseye: resolved (fixed in 4.0.0-1+deb11u1)
forky: resolved (fixed in 5.0.2-1)
sid: resolved (fixed in 5.0.2-1)
trixie: resolved (fixed in 5.0.2-1)
GHSA
Flask-Security vulnerable to Open Redirect
ghsa·2022-10-07
CVE-2021-23385 [MEDIUM] CWE-601 Flask-Security vulnerable to Open Redirect
Flask-Security vulnerable to Open Redirect
This affects all versions of package Flask-Security. When using the `get_post_logout_redirect` and `get_post_login_redirect` functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as `\\\evil.com/path`. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using `'autocorrect_location_header=False`.
**Note:** Flask-Security is not maintained anymore.
OSV
Flask-Security vulnerable to Open Redirect
osv·2022-10-07
CVE-2021-23385 [MEDIUM] Flask-Security vulnerable to Open Redirect
Flask-Security vulnerable to Open Redirect
This affects all versions of package Flask-Security. When using the `get_post_logout_redirect` and `get_post_login_redirect` functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as `\\\evil.com/path`. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using `'autocorrect_location_header=False`.
**Note:** Flask-Security is not maintained anymore.
OSV
CVE-2021-23385: This affects all versions of package Flask-Security
osv·2022-08-02·CVSS 6.1
CVE-2021-23385 [MEDIUM] CVE-2021-23385: This affects all versions of package Flask-Security
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False. **Note:** Flask-Security is not maintained anymore.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/mattupstate/flask-securityhttps://lists.debian.org/debian-lts-announce/2023/08/msg00034.htmlhttps://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234https://snyk.io/blog/url-confusion-vulnerabilities/https://github.com/mattupstate/flask-securityhttps://lists.debian.org/debian-lts-announce/2023/08/msg00034.htmlhttps://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234https://snyk.io/blog/url-confusion-vulnerabilities/
2022-08-02
Published