CVE-2023-49438 – flask-security-too

Package

Manager: pip
Name: flask-security-too
Vulnerable Version: >=0 <5.3.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00202 pctl0.42475

Details

Open redirect vulnerability in Flask-Security-Too An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. Flask-Security-Too contains logic to validate that the URL specified within the next parameter is either relative or has the same network location as the requesting URL in an attempt to prevent open redirections. Previously known examples that bypassed the validation logic such as `https://example/login?next=\\\\\\github.com` were patched in version 4.1.0 However, examples such as `https://example/login?next=/\\github.com` and `https://example/login?next=\\/github.com` were discovered due to how web browsers normalize slashes in URLs, which makes the package vulnerable through version <=5.3.2 Additionally, with Werkzeug >=2.1.0 the autocorrect_location_header configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if they are using Werkzeug >=2.1.0 as the WSGI layer.

Metadata

Created: 2023-12-27T00:30:25Z
Modified: 2024-09-20T17:51:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-672h-6x89-76m5/GHSA-672h-6x89-76m5.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-672h-6x89-76m5
Finding: F156
Auto approve: 1