
Open Redirect Vulnerability #486

Closed
jwag956 opened this issue May 17, 2021 · 1 comment · Fixed by #489
jwag956 (Member) commented May 17, 2021

It has been reported that FS (all versions) has an open-redirect vulnerability. This is due to a combination of FS not doing complete checking of whether a redirect URL is relative or absolute, and modern browsers being willing to 'fill in the blanks' for slightly malformed URLs.

Thus a URL of the form: http://myapp.com/login?next=\\\github.com
will cause many browsers to redirect to github.com after a successful login to your app.

However - by default, Werkzeug auto-corrects Location headers to always be absolute - so this vulnerability doesn't exist for many (most?) applications.

@snoopysecurity
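As an added illustration of the check the issue describes (this is example code, not Flask-Security's or Werkzeug's own): a naive "is this URL relative?" test built on `urlsplit()` accepts the `\\\github.com` payload, while a check that first folds backslashes to slashes, as browsers do, and then insists on a single leading slash rejects it. The function names and sample inputs are constructed for this example.

```python
from urllib.parse import urlsplit


def naive_is_relative(url: str) -> bool:
    """A check of the kind the issue calls incomplete: it only asks whether
    urlsplit() finds a scheme or a host. urlsplit() does not treat
    backslashes as separators, so r'\\\github.com' looks like an ordinary
    relative path and passes, even though a browser reads it as //github.com."""
    parts = urlsplit(url)
    return not parts.scheme and not parts.netloc


def is_safe_local_redirect(url: str) -> bool:
    """Accept only absolute-path references on the current origin.

    Hypothetical hardened check (not Flask-Security's): browsers treat '\\'
    like '/' in http(s) URLs, so normalise before parsing; then reject
    anything carrying a scheme or host, anything protocol-relative, and
    control/whitespace characters that parsers handle inconsistently."""
    if not url or any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in url):
        return False
    normalised = url.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        return False
    # urlsplit('///host') yields an *empty* netloc with path '/host', so the
    # netloc test above is not enough: require exactly one leading slash.
    return normalised.startswith("/") and not normalised.startswith("//")


# Constructed inputs: the issue's payload plus a few close variants.
SAMPLES = {
    "/account": True,
    "/login?next=/x": True,
    r"\\\github.com": False,   # the payload from the issue
    r"/\github.com": False,    # browser reads as //github.com
    "//github.com": False,     # protocol-relative
    "https://github.com": False,
    " /account": False,        # leading whitespace
}


def verify_samples() -> bool:
    """True when is_safe_local_redirect agrees with every expected verdict."""
    return all(is_safe_local_redirect(u) == ok for u, ok in SAMPLES.items())
```

Note that Werkzeug 2.1 later changed the default of `Response.autocorrect_location_header` to False, so the header rewriting the issue relies on as a mitigation is no longer on by default and the redirect target itself has to be validated.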

@jwag956 jwag956 self-assigned this May 24, 2021
jwag956 added a commit that referenced this issue May 30, 2021
While this is only an issue if the application sets the Werkzeug response variable:
autocorrect_location_header = False - it none the less poses a small security concern.

Closes: #486
jwag956 added a commit that referenced this issue May 30, 2021
While this is only an issue if the application sets the Werkzeug response variable:
autocorrect_location_header = False - it none the less poses a small security concern.

pyupgrade and black changed again .. sigh...

Closes: #486
jwag956 added a commit that referenced this issue May 30, 2021
While this is only an issue if the application sets the Werkzeug response variable:
autocorrect_location_header = False - it none the less poses a small security concern.

pyupgrade and black changed again .. sigh...
pin read the docs sphinx versions.

Closes: #486
@StayPirate

I think Snyk assigned a different CVE ID (CVE-2021-23385) to the same vulnerability. If I'm right, CVE-2021-23385 should be withdrawn by MITRE as a duplicate of CVE-2021-32618.
