{"id":"CVE-2021-32645","details":"Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the default Hostname Identification is used and the environment uses tenants that have `force_https` set to `true` (default: `false`). Version 5.7.2 contains the relevant patches to fix this bug, stripping special characters from the URL to prevent redirects to specially crafted URLs. As a workaround, users can set `force_https` to `false` for every tenant; however, this may degrade connection security.","aliases":["GHSA-4r8q-gv9j-3xx6"],"modified":"2026-03-20T04:08:46.262030Z","published":"2021-05-27T17:15:08.127Z","related":["GHSA-4r8q-gv9j-3xx6"],"references":[{"type":"ADVISORY","url":"https://github.com/tenancy/multi-tenant/security/advisories/GHSA-4r8q-gv9j-3xx6"},{"type":"ADVISORY","url":"https://packagist.org/packages/hyn/multi-tenant"},{"type":"ADVISORY","url":"https://webmasters.googleblog.com/2009/01/open-redirect-urls-is-your-site-being.html"},{"type":"FIX","url":"https://github.com/tenancy/multi-tenant/commit/9c837a21bccce9bcaeb90033ef200d84f0d9e164"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tenancy/multi-tenant","events":[{"introduced":"785c4482d268cab6d8e20d8ea3240940a4f74f62"},{"fixed":"e5afd7b443523d4002ec3520dadb7e02dc4e1d86"},{"fixed":"9c837a21bccce9bcaeb90033ef200d84f0d9e164"}],"database_specific":{"versions":[{"introduced":"5.6.0"},{"fixed":"5.7.2"}]}}],"versions":["5.6.0","5.6.1","5.6.2","5.6.3","5.6.4","5.7.0","5.7.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32645.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}