CVE-2023-49438
Published 2023-12-26
Priority: P4 · 31 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: EPSS 1.08% (60.9th percentile)
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | flask-security | >= 0 < 5.8.1 | 5.8.1 |
| flask-security-too_project | flask-security-too | <= 5.3.2 | — |
| flask-security-too_project | flask-security-too | >= 0 < 5.3.3 | 5.3.3 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ghsa6.1MEDIUM
GHSA: Flask-Security has an Open Redirect issue
ghsa · 2026-06-23 · CVSS 6.1 · MEDIUM · CWE-601
# Open Redirect in Flask-Security
## Summary
`flask_security.utils.validate_redirect_url()` can allow an attacker-controlled redirect URL when subdomain redirects are enabled.
The bypass uses a backslash inside the URL authority/host:
```text
http://evil.com\.whitelist.com
http://evil.com%5C.whitelist.com
```
Python's `urlsplit()` parses the full authority as `evil.com\.whitelist.com` or `evil.com%5C.whitelist.com`. Because the value ends with `.whitelist.com`, `validate_redirect_url()` accepts it as an allowed subdomain of `whitelist.com`.
This is similar in class to the previous Flask-Security-Too open redirect advisory CVE-2023-49438 / GHSA-672h-6x89-76m5, where crafted redirect URLs bypassed validation through browser URL normalization b
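Added example, not code from the advisory or from Flask-Security itself: a weak suffix-based host check placed beside a hardened validator, run over a few constructed `?next` values. It reproduces the parsing point made above (Python's `urlsplit()` keeps a backslash inside the authority, so the host "ends with" the allowed domain) and shows a check that rejects it. The function names, the allow-list `whitelist.com` and the sample URLs are all assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Strict DNS hostname: labels of letters, digits and hyphens joined by dots.
# A backslash or a percent sign can never satisfy this, which is the point.
_HOSTNAME_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*$")


def naive_subdomain_check(url: str, allowed_hosts: list[str]) -> bool:
    """The weak pattern: trust any parsed host that ends with an allowed suffix.

    urlsplit() does not treat '\\' as an authority terminator, so the host
    'evil.com\\.whitelist.com' passes this test even though a browser will
    connect to evil.com. (Hypothetical helper for illustration only.)
    """
    host = urlsplit(url).hostname or ""
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def is_safe_redirect(url: str, allowed_hosts: list[str]) -> bool:
    """Hardened validator (assumption: allowed_hosts are bare lowercase domains).

    Returns True only for same-site relative paths or absolute http(s) URLs
    whose hostname is exactly an allowed domain or a dotted subdomain of one.
    """
    # Browsers treat a backslash like a forward slash; urlsplit() does not.
    # Reject it anywhere in the raw value, literal or percent-encoded, before parsing.
    if "\\" in url or "%5c" in url.lower():
        return False
    parts = urlsplit(url)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, etc.
    if not parts.netloc:
        # Relative target: a single-slash path. A leading "//" would have
        # produced a netloc above, so only plain paths reach this branch.
        return parts.path.startswith("/") and not parts.path.startswith("//")
    host = (parts.hostname or "").lower()
    if not _HOSTNAME_RE.fullmatch(host):
        return False  # anything that is not a plain DNS name is refused
    # Userinfo ("user@host") is ignored by .hostname, so "allowed@evil" resolves to evil.
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def classify(candidates: list[str], allowed_hosts: list[str]) -> list[tuple[str, bool, bool]]:
    """Return (url, naive_verdict, hardened_verdict) for each candidate."""
    return [(u, naive_subdomain_check(u, allowed_hosts), is_safe_redirect(u, allowed_hosts))
            for u in candidates]


if __name__ == "__main__":
    # Constructed sample values a ?next parameter might carry.
    sample_next_values = [
        "/profile",
        "https://app.whitelist.com/dash",
        "http://evil.com\\.whitelist.com",
        "http://evil.com%5C.whitelist.com",
        "//evil.com/",
        "https://whitelist.com@evil.com/",
    ]
    for url, naive, hardened in classify(sample_next_values, ["whitelist.com"]):
        print(f"{url:40} naive={naive!s:5} hardened={hardened}")
```

The allow-list itself is the design choice worth questioning: if an application never needs cross-host redirects, dropping the subdomain rule and accepting only relative paths removes this whole class of parser-disagreement bugs. Note that the Werkzeug `autocorrect_location_header` change mentioned below does not alter the verdicts here, since the check runs on the `next` value before any `Location` header is built.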
OSV: Open redirect vulnerability in Flask-Security-Too
osv · 2023-12-27 · MEDIUM
An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrect_location_header configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if they are using Werkzeug >=2.1.0 as the WSGI layer.
GHSA: Open redirect vulnerability in Flask-Security-Too
ghsa · 2023-12-27 · MEDIUM · CWE-601
Advisory text identical to the OSV entry above.
OSV: CVE-2023-49438: An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2
osv · 2023-12-26
Description identical to the CVE text above.
No detection rules found.
Nuclei: Python Flask-Security-Too <=5.3.2 - Open Redirect
nuclei · CVSS 6.1 · MEDIUM
An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks ([NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-49438)).
Template:
```yaml
id: CVE-2023-49438
info:
  name: Python Flask-Security-Too <=5.3.2 - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, whic
```
No writeups or analysis indexed.
References:
- https://github.com/Flask-Middleware/flask-security
- https://github.com/brandon-t-elliott/CVE-2023-49438
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HCYH377TPUMUHELPI36PDS2ZM4VFIXM/
Published: 2023-12-26