Property
Language: python
Severity: low
CWE: CWE-20: Improper Input Validation
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

The code uses user-supplied values from flask.request.host to build URLs or HTTP requests without validating them. The Host header is chosen by the client, so an attacker can set it to an arbitrary value and thereby influence how your app constructs request URLs or handles authentication.

Impact

If exploited, attackers could bypass authentication, cause password-reset links to point at an attacker-controlled host, or cause your server to make requests to hosts of the attacker's choosing (SSRF). This could lead to data leaks, account compromise, or unauthorized access to internal systems.
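The following is an added example, not code from the rule or from Flask itself, showing the flagged pattern from the description beside a hardened version that addresses the password-reset case named under Impact. It is plain Python so it runs without Flask: the `request_host` argument stands in for `flask.request.host`, and the allowlist, canonical host and sample Host values are constructed for the example. In a real deployment the allowlist would come from configuration (Flask's `SERVER_NAME`, or `TRUSTED_HOSTS` in Flask 3.1 and later, which makes `request.host` itself reject untrusted values).

```python
import re
from typing import Optional
from urllib.parse import quote

# Constructed allowlist for this example; a real app loads it from configuration.
TRUSTED_HOSTS = frozenset({"app.example.com", "www.example.com"})
# The host written into outgoing links, taken from configuration rather than the request.
CANONICAL_HOST = "app.example.com"

# One DNS label: alphanumerics and hyphens, no leading/trailing hyphen, at most 63 chars.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Whole Host value: dotted labels, optional trailing dot, optional :port. Anything else
# (a path, userinfo, whitespace, an IPv6 literal) is rejected outright.
_HOST_RE = re.compile(rf"^(?P<name>{_LABEL}(?:\.{_LABEL})*)\.?(?::(?P<port>\d{{1,5}}))?$")


def normalize_host(host_header: str) -> Optional[str]:
    """Return the lowercase hostname from a Host header, or None if the value is malformed."""
    match = _HOST_RE.match(host_header.strip().lower())
    if match is None:
        return None
    port = match.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        return None
    return match.group("name")


def is_trusted_host(host_header: str) -> bool:
    """Exact allowlist membership, so 'app.example.com.attacker.net' does not pass."""
    hostname = normalize_host(host_header)
    return hostname is not None and hostname in TRUSTED_HOSTS


def build_reset_link_vulnerable(request_host: str, token: str) -> str:
    """The pattern the rule flags: the client's Host header is echoed into an emailed link."""
    return f"https://{request_host}/reset?token={token}"


def build_reset_link_hardened(request_host: str, token: str) -> str:
    """Reject requests for untrusted hosts, then build the link from configuration, not the header."""
    if not is_trusted_host(request_host):
        raise ValueError(f"untrusted Host header: {request_host!r}")
    return f"https://{CANONICAL_HOST}/reset?token={quote(token, safe='')}"


if __name__ == "__main__":
    # Constructed sample Host values, as a client might send them.
    for host in ["app.example.com", "App.Example.com:8443",
                 "app.example.com.attacker.net", "attacker.net"]:
        print(f"{host:32} trusted={is_trusted_host(host)}")
    print(build_reset_link_vulnerable("attacker.net", "tok3n"))
    print(build_reset_link_hardened("app.example.com:8443", "tok3n"))
```

Two design points carry over to the Flask code this rule targets: the allowlist check is an exact match on the normalized hostname, since prefix or substring checks accept hosts such as `app.example.com.attacker.net`; and even once the header passes validation, the link is built from the configured canonical host, so no client-supplied value reaches the generated URL at all.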