Open Redirect

Affecting flask-unchained package, versions [,0.9.0)

Overview

Flask-Unchained is a framework that describes itself as "the quickest and easiest way to build large web apps and APIs with Flask and SQLAlchemy".

Affected versions of this package are vulnerable to Open Redirect. The URL validation performed by the `_validate_redirect_url` function can be bypassed, allowing a user to be redirected to an arbitrary URL, by supplying a redirect target that contains multiple backslashes, such as `\\\evil.com/path`.

This vulnerability is only exploitable if a WSGI server other than Werkzeug is used, or if Werkzeug's default behaviour is changed with `autocorrect_location_header=False`.
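The following is an added example, not code from Flask-Unchained or the advisory. `naive_is_safe_redirect` is a hypothetical stand-in for the kind of check the advisory describes (it is not the real `_validate_redirect_url`), `browser_target` is a rough model of how a browser resolves a `Location` value under WHATWG URL rules, and `hardened_is_safe_redirect` is one allow-list policy that is not fooled by the backslash trick. `APP_BASE_URL` and `ALLOWED_HOSTS` are constructed sample values. The reason the advisory limits exploitability is that Werkzeug's `autocorrect_location_header=True` rewrote a relative `Location` into an absolute URL on the request's own host before the browser saw it; note that Werkzeug 2.1 changed that default to `False`, so applications on current Werkzeug should not rely on it and should fix the validation itself.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample values for this example; not from the advisory.
APP_BASE_URL = "https://app.example.com/"
ALLOWED_HOSTS = {"app.example.com"}

SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")


def naive_is_safe_redirect(url: str) -> bool:
    """Hypothetical weak check (NOT flask-unchained's real _validate_redirect_url).

    It trusts urlsplit(): a target with no netloc is assumed to be a local path.
    Python's parser does not treat '\\' as a URL separator, so '\\\\\\evil.com/path'
    parses as a relative path and is accepted.
    """
    parts = urlsplit(url)
    return parts.netloc == "" or parts.netloc in ALLOWED_HOSTS


def browser_target(base: str, target: str) -> str:
    """Rough model of how a browser resolves a Location header (the WHATWG URL
    rules that matter here): backslashes count as slashes, and two or more
    leading slashes introduce an authority, however many there are.
    """
    t = target.replace("\\", "/")
    if SCHEME_RE.match(t):
        return t  # already absolute
    if t.startswith("//"):
        return f"{urlsplit(base).scheme}://{t.lstrip('/')}"
    return urljoin(base, t)


def hardened_is_safe_redirect(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Allow-list based check that survives the backslash trick.

    Policy: either an http(s) URL whose host is allow-listed, or a local path
    that starts with exactly one '/'. Everything else (protocol-relative
    '//host', 'https:///host', 'javascript:', control characters) is rejected.
    """
    # Browsers map '\\' to '/', so normalize before parsing rather than after.
    normalized = url.replace("\\", "/")
    # Tabs, newlines and other C0 controls are stripped or ignored by browsers;
    # refuse them outright instead of guessing how they will be interpreted.
    if not normalized or any(ord(ch) <= 0x20 for ch in normalized):
        return False
    try:
        parts = urlsplit(normalized)
    except ValueError:
        return False
    if parts.netloc:
        # Absolute URL: only http(s) and only to a known host. .hostname drops
        # userinfo and port and lowercases, so 'app.example.com@evil.com' fails.
        return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts
    if parts.scheme:
        # A scheme with no authority, e.g. 'https:///evil.com' or 'javascript:...'.
        return False
    # Relative target: a single leading slash, never '//' (which browsers read
    # as '//authority' once backslashes have been normalized).
    return normalized.startswith("/") and not normalized.startswith("//")


if __name__ == "__main__":
    payload = "\\\\\\evil.com/path"  # the advisory's example target
    print("naive   :", naive_is_safe_redirect(payload))        # True  (bypassed)
    print("browser :", browser_target(APP_BASE_URL, payload))  # https://evil.com/path
    print("hardened:", hardened_is_safe_redirect(payload))     # False
```

The key design choice is to normalize backslashes to forward slashes before parsing, so the check sees the same URL the browser will, and then to refuse anything that is neither an allow-listed absolute http(s) URL nor a single-slash local path. The `browser_target` model is deliberately minimal; it covers the slash and backslash cases relevant to this advisory, not the full WHATWG algorithm.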

Remediation

Upgrade Flask-Unchained to version 0.9.0 or higher.

CVSS Score

5.4 (medium severity)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C
Credit: Noam Moshe of Claroty
CVE: CVE-2021-23393
CWE: CWE-601
Snyk ID: SNYK-PYTHON-FLASKUNCHAINED-1293189
Disclosed: 15 May, 2021
Published: 10 Jun, 2021