
CVE-2021-32618: Open Redirect in Flask-Security-Too

CVSS Score: 3.1

Basic Information

EPSS Score: 0.94695%
Published: 5/17/2021
Updated: 9/20/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| Flask-Security-Too | pip | < 4.1.0 | 4.1.0 |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from the redirect validation logic in validate_redirect_url. The commit diff shows that this function was modified to add a regex-based check (SECURITY_REDIRECT_VALIDATE_RE) that rejects URLs containing patterns such as '////' or escaped backslashes. The original implementation relied solely on the netloc returned by urlsplit, which misses malformed inputs that urlsplit parses as a bare path (netloc empty) but that browsers normalize into a protocol-relative URL pointing at an external host. Because the function could not detect these browser-normalized URLs, it is the root cause of the open redirect when Werkzeug's autocorrect_location_header is disabled, since the raw ?next value then reaches the browser unchanged in the Location header.
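As an added illustration of the root cause (constructed for this page, not Flask-Security-Too's own code), the following models the pre-fix netloc-only check beside a regex-screened version and runs both over the malformed shapes named above. The regex, the host name app.example and the sample ?next values are assumptions; the real default of SECURITY_REDIRECT_VALIDATE_RE is not reproduced here.

```python
import re
from urllib.parse import urlsplit

# Constructed example, not Flask-Security-Too's own code. It models the two
# stages of the redirect check described above: the original netloc-only
# comparison and the regex screen added in the fix.

SERVER_NETLOC = "app.example"  # hypothetical host the application is served from

def netloc_only_check(url: str, server_netloc: str = SERVER_NETLOC) -> bool:
    """Pre-fix style check: accept if urlsplit sees no host or the app's own host."""
    parts = urlsplit(url)
    return parts.netloc in ("", server_netloc)

# Hypothetical stand-in for SECURITY_REDIRECT_VALIDATE_RE (the real default
# pattern is not reproduced here). It rejects three or more leading slashes
# and any literal or percent-encoded backslash: the shapes browsers normalize
# into a protocol-relative URL even though urlsplit reports them as a plain path.
REDIRECT_VALIDATE_RE = re.compile(r"^/{3,}|\\|%5c", re.IGNORECASE)

def hardened_check(url: str, server_netloc: str = SERVER_NETLOC) -> bool:
    """Post-fix style check: regex screen first, then the netloc comparison."""
    if REDIRECT_VALIDATE_RE.search(url):
        return False
    return netloc_only_check(url, server_netloc)

# Constructed ?next values: the first two are benign, the rest are the
# malformed shapes the netloc-only check lets through.
SAMPLES = [
    "/dashboard",
    "https://app.example/home",
    "//evil.example/x",      # caught by both: urlsplit sees the host
    "////evil.example/x",    # urlsplit: netloc '', path '//evil.example/x'
    "///evil.example/x",     # urlsplit: netloc '', path '/evil.example/x'
    "/\\evil.example/x",     # backslash is treated as a slash by browsers
]

def compare(urls=SAMPLES):
    """Return {url: (netloc_only_result, hardened_result)} for inspection."""
    return {u: (netloc_only_check(u), hardened_check(u)) for u in urls}

if __name__ == "__main__":
    for url, (before, after) in compare().items():
        print(f"{url!r:26} netloc-only={before!s:5} hardened={after}")
```

Running the block shows the three malformed samples accepted by the netloc-only check and rejected by the screened one, while the two benign values pass both.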

Impact

Flask-Security allows redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc (network lo
