Vulnerability	Vulnerable Version
M Open Redirect Flask-Unchained is a The quickest and easiest way to build large web apps and APIs with Flask and SQLAlchemy Affected versions of this package are vulnerable to Open Redirect. When using the `the _validate_redirect_url` function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as `\\\evil.com/path`. This vulnerability is only exploitable if an alternative WSGI server other than `Werkzeug` is used, or the default behaviour of `Werkzeug` is modified using 'autocorrect_location_header=False`. How to fix Open Redirect? Upgrade `Flask-Unchained` to version 0.9.0 or higher.	[,0.9.0)

Open Redirect

Flask-Unchained is a The quickest and easiest way to build large web apps and APIs with Flask and SQLAlchemy

Affected versions of this package are vulnerable to Open Redirect. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path.

This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False`.

How to fix Open Redirect?

Upgrade Flask-Unchained to version 0.9.0 or higher.

[,0.9.0)

Go back to all versions of this package