Open Redirect in OMERO.web
CVE-2021-21377

4.8MEDIUM

Key Information:

Vendor

Ome

Status
Omero-web
Vendor
CVE Published:
23 March 2021

What is CVE-2021-21377?

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

omero-web < 5.9.0

References

https://pypi.org/project/omero-web/
x_refsource_MISC
https://github.com/ome/omero-web/blob/master/CHANGELOG.md...
x_refsource_MISC
https://github.com/ome/omero-web/commit/952f8e5d28532fbb1...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.