PT-2021-14459 · Omero.Web · Omero.Web

Teng Zheng · Published 2021-03-23 · Updated 2021-03-27 · CVE-2021-21377

CVSS v4.0: 5.9 (Medium)
Vector: AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OMERO.web versions prior to 5.9.0

Description: OMERO.web is open source Django-based software for managing microscopy imaging. It supports redirection to a given URL after performing login or switching the group context. However, these URLs are not validated in versions prior to 5.9.0, allowing redirection to untrusted sites (an open redirect). OMERO.web 5.9.0 adds URL validation before redirecting, and external URLs are not considered valid unless specified in the omero.web.redirect_allowed_hosts setting.

Recommendations: For versions prior to 5.9.0, update to version 5.9.0, which adds URL validation before redirecting. As a temporary workaround, consider specifying only the valid external URLs in the omero.web.redirect_allowed_hosts setting to minimize the risk of exploitation.
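The kind of check the fix introduces, as an added example that is not OMERO.web's own code: a post-login redirect target is accepted only if it is a same-site relative path, points back at the requesting host, or names a host on an allow-list (the allow-list and host names below are constructed sample values standing in for omero.web.redirect_allowed_hosts).

```python
from urllib.parse import urlsplit

# Constructed allow-list standing in for the omero.web.redirect_allowed_hosts setting.
REDIRECT_ALLOWED_HOSTS = {"images.example.org"}


def is_safe_redirect(url, request_host, allowed_hosts=REDIRECT_ALLOWED_HOSTS):
    """Return True only if `url` stays on `request_host`, an allow-listed host,
    or a same-site absolute path. Anything else is an open-redirect risk."""
    if not url:
        return False
    # Browsers treat "/\evil" like "//evil"; normalise before parsing.
    url = url.replace("\\", "/")
    parts = urlsplit(url)
    # Absolute URLs must be http(s); "javascript:" and friends are rejected.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if not parts.netloc:
        # No host component: accept "/path", reject scheme-relative "//host".
        return url.startswith("/") and not url.startswith("//")
    # urlsplit().hostname strips userinfo and port, so "good@evil" resolves to "evil".
    host = parts.hostname or ""
    return host == request_host or host in allowed_hosts


def resolve_redirect(url, request_host, fallback="/webclient/"):
    """Pick the post-login destination: the requested URL if safe, else a fixed page."""
    return url if is_safe_redirect(url, request_host) else fallback


if __name__ == "__main__":
    # Constructed sample redirect targets as they might arrive in a "url" parameter.
    samples = [
        "/webclient/?show=image-1",
        "//evil.example.net/",
        "/\\evil.example.net",
        "https://images.example.org/view",
        "https://evil.example.net/",
        "http://omero.example.org@evil.example.net/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:50} -> {resolve_redirect(s, 'omero.example.org')}")
```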

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2021-21377
GHSA-G4RF-PC26-6HMR
PYSEC-2021-32

Affected Products

Omero.Web