Vulnerability Details CVE-2021-23385
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False. **Note:** Flask-Security is not maintained anymore.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.6%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/mattupstate/flask-security
- https://lists.debian.org/debian-lts-announce/2023/08/msg00034.html
- https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
- https://snyk.io/blog/url-confusion-vulnerabilities/
- https://github.com/mattupstate/flask-security
- https://lists.debian.org/debian-lts-announce/2023/08/msg00034.html
- https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
- https://snyk.io/blog/url-confusion-vulnerabilities/
Products affected by CVE-2021-23385
-
cpe:2.3:a:flask-security_project:flask-security:1.1.0
-
cpe:2.3:a:flask-security_project:flask-security:1.2.0
-
cpe:2.3:a:flask-security_project:flask-security:1.2.1
-
cpe:2.3:a:flask-security_project:flask-security:1.2.2
-
cpe:2.3:a:flask-security_project:flask-security:1.2.3
-
cpe:2.3:a:flask-security_project:flask-security:1.5.0
-
cpe:2.3:a:flask-security_project:flask-security:1.5.1
-
cpe:2.3:a:flask-security_project:flask-security:1.5.2
-
cpe:2.3:a:flask-security_project:flask-security:1.5.3
-
cpe:2.3:a:flask-security_project:flask-security:1.5.4
-
cpe:2.3:a:flask-security_project:flask-security:1.6.0
-
cpe:2.3:a:flask-security_project:flask-security:1.6.1
-
cpe:2.3:a:flask-security_project:flask-security:1.6.2
-
cpe:2.3:a:flask-security_project:flask-security:1.6.3
-
cpe:2.3:a:flask-security_project:flask-security:1.6.4
-
cpe:2.3:a:flask-security_project:flask-security:1.6.5
-
cpe:2.3:a:flask-security_project:flask-security:1.6.6
-
cpe:2.3:a:flask-security_project:flask-security:1.6.7
-
cpe:2.3:a:flask-security_project:flask-security:1.6.8
-
cpe:2.3:a:flask-security_project:flask-security:1.6.9
-
cpe:2.3:a:flask-security_project:flask-security:1.7.0
-
cpe:2.3:a:flask-security_project:flask-security:1.7.1
-
cpe:2.3:a:flask-security_project:flask-security:1.7.2
-
cpe:2.3:a:flask-security_project:flask-security:1.7.3
-
cpe:2.3:a:flask-security_project:flask-security:1.7.4
-
cpe:2.3:a:flask-security_project:flask-security:1.7.5
-
cpe:2.3:a:flask-security_project:flask-security:3.0.0
-
cpe:2.3:a:flask-security_project:flask-security:3.0.1
-
cpe:2.3:a:flask-security_project:flask-security:3.0.2
-
cpe:2.3:a:flask-security_project:flask-security:3.1.0
-
cpe:2.3:a:flask-security_project:flask-security:3.2.0
-
cpe:2.3:a:flask-security_project:flask-security:3.3.0
-
cpe:2.3:a:flask-security_project:flask-security:3.3.1
-
cpe:2.3:a:flask-security_project:flask-security:3.3.2
-
cpe:2.3:a:flask-security_project:flask-security:3.3.3
-
cpe:2.3:a:flask-security_project:flask-security:3.4.0
-
cpe:2.3:a:flask-security_project:flask-security:3.4.1
-
cpe:2.3:a:flask-security_project:flask-security:3.4.2
-
cpe:2.3:a:flask-security_project:flask-security:3.4.3
-
cpe:2.3:a:flask-security_project:flask-security:3.4.4
-
cpe:2.3:a:flask-security_project:flask-security:3.4.5
-
cpe:2.3:a:flask-security_project:flask-security:4.0.0
-
cpe:2.3:a:flask-security_project:flask-security:4.0.1