Open Redirect Affecting flask-security package, versions [0,]
Snyk ID: SNYK-PYTHON-FLASKSECURITY-6140501
- published 31 Dec 2023
- disclosed 26 Dec 2023
- credit Brandon T. Elliott
Introduced: 26 Dec 2023
CVE-2023-49438
How to fix?
There is no fixed version for Flask-Security.
Overview
Flask-Security provides simple security for Flask apps.
Affected versions of this package are vulnerable to Open Redirect via the /login and /register routes, using the ?next parameter.
Note: With Werkzeug >=2.1.0 the autocorrect_location_header configuration was changed to False, which means that Location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if they are using Werkzeug >=2.1.0 as the WSGI layer.
Workaround
Adding these configuration options to your app will mitigate all currently known examples:
app.config['SECURITY_REDIRECT_VALIDATE_MODE'] = "regex"
app.config['SECURITY_REDIRECT_VALIDATE_RE'] = r"^/{4,}|\\{3,}|[\s\000-\037][/\\]{2,}(?![/\\])|[/\\]([^/\\]|/[^/\\])*[/\\].*"
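As an added example (not code from the advisory or from Flask-Security itself), the stand-alone check below applies the workaround regex above the way the "regex" validation mode does, treating a match as "reject", to the two PoC values and to a plain in-app path. The scheme/host comparison and the app_host name are assumptions added here so that fully qualified URLs are covered as well.

```python
import re
from urllib.parse import urlsplit

# The workaround pattern exactly as given in the advisory.
REDIRECT_VALIDATE_RE = re.compile(
    r"^/{4,}|\\{3,}|[\s\000-\037][/\\]{2,}(?![/\\])|[/\\]([^/\\]|/[^/\\])*[/\\].*"
)


def is_safe_next(next_url: str, app_host: str = "example") -> bool:
    """Return True only if next_url is an acceptable redirect target.

    Hypothetical check, not Flask-Security's own code. Two layers:
    1. anything carrying a scheme or a host other than app_host is rejected
       (the regex alone does not cover "https://other.host/");
    2. anything the workaround regex matches is rejected, which is what
       catches the "/\\host" and "\\/host" shapes from the PoC, since
       urlsplit() sees no host in them but browsers treat them as "//host".
    """
    parts = urlsplit(next_url)
    if (parts.scheme or parts.netloc) and parts.netloc != app_host:
        return False
    # Regex mode semantics: a match means the URL is rejected.
    return REDIRECT_VALIDATE_RE.match(next_url) is None


def check_advisory_examples() -> dict:
    """Run the check over the PoC values and a benign in-app path (constructed sample)."""
    samples = [
        "/\\github.com",   # PoC 1 from the advisory
        "\\/github.com",   # PoC 2 from the advisory
        "//github.com",    # protocol-relative form
        "https://github.com/",
        "/dashboard",      # plain in-app path, should be allowed
    ]
    return {s: is_safe_next(s) for s in samples}


if __name__ == "__main__":
    for url, ok in check_advisory_examples().items():
        print(f"{'allow ' if ok else 'reject'}  {url!r}")
```

Note that the pattern as printed also matches any relative path containing a second slash, for example /admin/users, so verify it against the next targets your own application issues before deploying it.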
Note: The vulnerability present in this library and represented by CVE-2021-23385 included the present vulnerability as well. As this package is not maintained, no fix for this vulnerability is expected. Migrating to a maintained library like Flask-Security-Too is advised.
PoC
https://example/login?next=/\github.com
https://example/login?next=\/github.com