FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-flask-security -- user redirect to arbitrary URL vulnerability

Affected packages
py310-flask-security <= 3.0.0_1
py311-flask-security <= 3.0.0_1
py37-flask-security <= 3.0.0_1
py38-flask-security <= 3.0.0_1
py39-flask-security <= 3.0.0_1


VuXML ID 06492bd5-085a-4cc0-9743-e30164bdcb1c
Discovery 2022-08-02
Entry 2023-08-31

Snyk reports:

This affects all versions of package Flask-Security.

When using the `get_post_logout_redirect` and `get_post_login_redirect` functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as `\\\`.

This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using `'autocorrect_location_header=False`.

**Note:** Flask-Security is not maintained anymore.


CVE Name CVE-2021-23385