{"uuid": "bb541946-6ef7-490b-9c7c-5422f46fca5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49438", "type": "seen", "source": "https://gist.github.com/alon710/31eb26fe10a0715b39c427020e06d517", "content": "# GHSA-W2J7-F3C6-G8CW: GHSA-w2j7-f3c6-g8cw: Open Redirect Bypass via Parser Differential in Flask-Security\n\n> **CVSS Score:** 4.7\n> **Published:** 2026-06-23\n> **Full Report:** https://cvereports.com/reports/GHSA-W2J7-F3C6-G8CW\n\n## Summary\nAn open redirect vulnerability exists in Flask-Security versions up to and including 5.8.0. This flaw allows remote, unauthenticated attackers to perform open redirects by exploiting a parser differential between Python's standard library urlsplit() function and modern web browsers when subdomain redirection is allowed.\n\n## TL;DR\nA parser differential between Python's urlsplit() and web browsers allows attackers to bypass subdomain redirect validation in Flask-Security using backslash-based host strings, leading to open redirect attacks.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-601\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 4.7 (Medium)\n- **EPSS Score**: N/A\n- **Impact**: Open Redirect\n- **Exploit Status**: Proof-of-Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Flask-Security with SECURITY_REDIRECT_ALLOW_SUBDOMAINS enabled\n- **Flask-Security**: <= 5.8.0 (Fixed in: `5.8.1`)\n\n## Mitigation\n\n- Upgrade Flask-Security to version 5.8.1 or later\n- Disable subdomain redirects by setting SECURITY_REDIRECT_ALLOW_SUBDOMAINS = False\n- Deploy custom validation middleware to sanitize redirection parameters\n\n**Remediation Steps:**\n1. Verify the current installed version using 'pip show Flask-Security'\n2. Upgrade the package to a fixed version: 'pip install --upgrade Flask-Security>=5.8.1'\n3. Restart the Flask application process to apply the changes\n4. Verify that redirect requests containing backslashes are rejected with an error\n\n## References\n\n- [GitHub Security Advisory GHSA-w2j7-f3c6-g8cw](https://github.com/pallets-eco/flask-security/security/advisories/GHSA-w2j7-f3c6-g8cw)\n- [OSV Vulnerability Database Registry](https://osv.dev/vulnerability/CVE-2023-49438)\n- [National Vulnerability Database (NVD) Analysis for CVE-2023-49438](https://nvd.nist.gov/vuln/detail/CVE-2023-49438)\n- [GitLab Advisory Entry for Flask-Security Open Redirect Class](https://advisories.gitlab.com/pypi/flask-security-too/CVE-2023-49438)\n- [GitHub Advisories Main Entry Portal](https://github.com/advisories/GHSA-W2J7-F3C6-G8CW)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-W2J7-F3C6-G8CW) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-24T01:41:39.000000Z"}