
Cloud Vulnerability DB
A community-led vulnerabilities database
OMERO.web, the open source Django-based web client for managing microscopy image data, contains a URL validation vulnerability (CVE-2021-21377) in versions prior to 5.9.0. After login or a group context switch, the application redirected the browser to a URL supplied in the request without validating it, so the redirect target could be any untrusted site (OME Advisory, GitHub Advisory).
The vulnerability is classified as CWE-601 (URL Redirection to Untrusted Site). It received a CVSS v3.1 base score of 5.4 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) from NVD, while GitHub assessed it with a score of 4.8 MEDIUM (Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N) (NVD).
The vulnerability allows an attacker to send users to a site of the attacker's choosing: a victim who logs in or switches group context through a crafted link is redirected to the external URL once the legitimate action completes. Because external URLs were not validated, the victim reaches phishing pages or other malicious content starting from a link on a trusted OMERO.web host (GitHub Advisory).
The vulnerability was patched in OMERO.web version 5.9.0, which validates the target URL before redirecting. The release adds a new setting, omero.web.redirect_allowed_hosts, which must be configured to explicitly allow any external hosts that redirects may point to; targets outside that list are not followed. Users should upgrade to version 5.9.0 or later to resolve this issue (OME Advisory).
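The following is an added example, written for this page and not taken from OMERO.web, showing the vulnerable pattern (using the request-supplied return URL verbatim) beside a hardened check that only honours relative paths or allow-listed hosts, in the role the omero.web.redirect_allowed_hosts setting plays. The check mirrors the tests in Django's url_has_allowed_host_and_scheme, including the scheme-relative, backslash, triple-slash and scheme-without-host forms that naive host comparisons miss. The host names, the ALLOWED_HOSTS set and the function names are assumptions for illustration.

```python
"""
Open-redirect check for a post-login "return to" URL, in the spirit of the
OMERO.web 5.9.0 fix. Example code written for this page; it is not OMERO.web's
own implementation. Host names and helper names are assumptions.
"""
import unicodedata
from urllib.parse import urlsplit

# Constructed configuration: the application's own host plus explicitly
# allowed external hosts (what omero.web.redirect_allowed_hosts provides).
APP_HOST = "omero.example.org"
ALLOWED_HOSTS = {APP_HOST, "portal.example.org"}


def redirect_target_unvalidated(url: str, fallback: str = "/") -> str:
    """Pre-5.9.0 behaviour: whatever the request supplied is used verbatim."""
    return url or fallback


def _is_allowed(url: str, allowed_hosts: set, require_https: bool) -> bool:
    # Browsers treat three or more leading slashes as an absolute URL
    # ("///evil.example"), while urlsplit reports an empty netloc. Reject.
    if url.startswith("///"):
        return False
    # Some browsers ignore leading control characters, which could turn
    # "\x00//evil.example" into a scheme-relative URL. Reject them.
    if unicodedata.category(url[0])[0] == "C":
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # "http:///evil.example" or "http:evil.example": a scheme but no host.
    # Chrome still resolves a host out of the path, so forbid the form.
    if parts.scheme and not parts.netloc:
        return False
    scheme = parts.scheme
    if not scheme and parts.netloc:  # "//evil.example/x" is scheme-relative
        scheme = "http"
    valid_schemes = ("https",) if require_https else ("http", "https")
    if scheme and scheme not in valid_schemes:  # ftp:, javascript:, data:, ...
        return False
    # A relative path has no netloc and stays on this origin; an absolute URL
    # must name an allow-listed host (netloc includes any :port, so list it).
    return not parts.netloc or parts.netloc in allowed_hosts


def url_has_allowed_host(url: str, allowed_hosts: set,
                         require_https: bool = False) -> bool:
    """True only if url is a relative path or points at an allowed host.

    The URL is tested both as given and with backslashes normalised to
    slashes, because browsers treat "/\\evil.example" like "//evil.example".
    """
    if not url or not url.strip():
        return False
    return (_is_allowed(url, allowed_hosts, require_https)
            and _is_allowed(url.replace("\\", "/"), allowed_hosts, require_https))


def redirect_target(url: str, allowed_hosts: set = ALLOWED_HOSTS,
                    fallback: str = "/") -> str:
    """Post-fix behaviour: honour the requested URL only if it passes the check."""
    return url if url_has_allowed_host(url, allowed_hosts) else fallback


if __name__ == "__main__":
    # Constructed redirect parameters a user or an attacker might supply.
    samples = [
        "/webclient/?show=image-1",              # relative path: allowed
        "https://omero.example.org/webclient/",  # own host: allowed
        "https://portal.example.org/done",       # allow-listed host: allowed
        "https://evil.example/phish",            # unlisted host: blocked
        "//evil.example/phish",                  # scheme-relative: blocked
        "/\\evil.example/phish",                 # backslash trick: blocked
        "///evil.example/phish",                 # triple slash: blocked
        "http:evil.example",                     # scheme, no host: blocked
        "javascript:alert(1)",                   # non-http scheme: blocked
        "ftp://omero.example.org/x",             # allowed host, bad scheme: blocked
    ]
    for s in samples:
        print(f"{s!r:40} vulnerable -> {redirect_target_unvalidated(s)!r:40} "
              f"fixed -> {redirect_target(s)!r}")
```

The allow list is matched against the full netloc, so a deployment that redirects to a non-default port must list host:port explicitly; anything that fails the check falls back to the application root rather than raising, which is the behaviour a login handler wants.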
Source: This report was generated using AI