CVE-2021-32645

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-32645
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32645.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32645
Aliases
Related
Published
2021-05-27T17:15:08.127Z
Modified
2026-03-20T04:08:46.262030Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the default Hostname Identification is used and the environment uses tenants that have force_https set to true (default: false). Version 5.7.2 contains the relevant patches to fix this bug. Stripping the URL from special characters to prevent specially crafted URL's from being redirected to. As a work around users can set the force_https to every tenant to false, however this may degrade connection security.

References

Affected packages

Git / github.com/tenancy/multi-tenant

Affected ranges

Type
GIT
Repo
https://github.com/tenancy/multi-tenant
Events
Introduced
785c4482d268cab6d8e20d8ea3240940a4f74f62
Fixed
e5afd7b443523d4002ec3520dadb7e02dc4e1d86
Fixed
9c837a21bccce9bcaeb90033ef200d84f0d9e164
Database specific 
{
    "versions": [
        {
            "introduced": "5.6.0"
        },
        {
            "fixed": "5.7.2"
        }
    ]
}

Affected versions

5.*
5.6.0
5.6.1
5.6.2
5.6.3
5.6.4
5.7.0
5.7.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32645.json"