Open Redirect in archivy/archivy
Description
Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An open redirect in archivy before 1.7.1 lets an attacker send a user who has just logged in to an arbitrary external URL through the unvalidated next query parameter of the login endpoint.
Vulnerability
An open redirect exists in archivy releases before 1.7.1 (the CVE description says "prior to 1.7.0"; the GitHub advisory lists 1.7.1 as the first patched version). After a successful login, the login() route in archivy/routes.py reads the next query parameter and passes it straight to Flask's redirect(), so any absolute or scheme-relative URL placed there becomes the Location header and bypasses the application's intended navigation. The code path is reachable on a default installation with no special configuration [1][3].
Exploitation
The attacker needs no account or privileges on the instance: they only have to get a user to open a link to the genuine login page that carries a crafted next parameter (for example ?next=//attacker.example/), whether by e-mail or from a page they control. The parameter is never validated, so once the victim logs in the application answers with an HTTP redirect to the attacker-controlled location. Because the redirect fires only after a successful login, the destination appears to be a continuation of a trusted session [1][2].
Impact
Successful exploitation yields an open redirect: a link that genuinely points at the archivy host delivers the victim to a site of the attacker's choosing, which makes phishing pages (a fake "session expired, log in again" page, for instance) look like part of the trusted application. The damage is to user trust, and the flaw is mainly a stepping stone for further social engineering [1][4].
Mitigation
The fix ships in archivy 1.7.1, released on 2022-03-06 [2][3]: a new helper, is_safe_redirect_url() in archivy/helpers.py, resolves the target against request.host_url and accepts it only when the scheme is http or https and the netloc equals the application's own host, and login() now falls back to "/" for anything else. Upgrade to 1.7.1 or later. Apart from backporting that check, no workaround is documented for unpatched versions. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1][4].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
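The behaviour described under Exploitation and Mitigation, as an added example that is not archivy's code. is_safe_redirect_url mirrors the shape of the 1.7.1 helper (urljoin against the host URL, then a scheme and netloc comparison) but takes host_url as a parameter instead of reading flask.request, so it runs without Flask; is_safe_redirect_url_strict, hardened_redirect_target and the host name archivy.example:5000 are this example's own assumptions. It goes one step beyond the advisory by showing a backslash target that the netloc comparison alone accepts.

```python
"""Login 'next' redirect: the pre-1.7.1 behaviour beside a hardened check.

Added example, not archivy's code. is_safe_redirect_url mirrors the shape of
the 1.7.1 helper (urljoin against the host URL, then scheme and netloc
comparison) but takes host_url as a parameter instead of reading
flask.request, so it runs without Flask. is_safe_redirect_url_strict,
hardened_redirect_target and the host name are this example's own additions.
"""
from urllib.parse import urljoin, urlparse

# Constructed stand-in for request.host_url of the archivy instance.
HOST_URL = "http://archivy.example:5000/"


def vulnerable_redirect_target(next_url):
    """Pre-1.7.1 logic: redirect(next_url or "/") with no validation at all."""
    return next_url or "/"


def is_safe_redirect_url(target, host_url=HOST_URL):
    """Same check as the fix: resolve target against the host, compare netloc."""
    host = urlparse(host_url)
    resolved = urlparse(urljoin(host_url, target))
    return resolved.scheme in ("http", "https") and host.netloc == resolved.netloc


def is_safe_redirect_url_strict(target, host_url=HOST_URL):
    """Hypothetical tightening (not in archivy): accept only a local path.

    Python's urljoin keeps backslashes as ordinary path characters, so a
    target such as '\\\\evil.example' resolves to http://<host>/\\\\evil.example
    and passes the netloc comparison above, while browsers following the
    WHATWG URL parser read '\\' as '/' and treat it as scheme-relative.
    Rejecting backslashes and '//' prefixes closes that gap; the price is
    that absolute same-host URLs are rejected too.
    """
    if not target or "\\" in target:
        return False
    if not target.startswith("/") or target.startswith("//"):
        return False
    return is_safe_redirect_url(target, host_url)


def hardened_redirect_target(next_url, host_url=HOST_URL):
    """Fixed logic: honour next_url only when the strict check passes."""
    if next_url and is_safe_redirect_url_strict(next_url, host_url):
        return next_url
    return "/"


if __name__ == "__main__":
    # Constructed sample values an attacker might place in ?next=
    for candidate in ("/dashboard", "https://evil.example/", "//evil.example/x",
                      "javascript:alert(1)", "\\\\evil.example"):
        print(f"{candidate!r:24} vulnerable -> {vulnerable_redirect_target(candidate)!r:24} "
              f"lax={is_safe_redirect_url(candidate)!s:5} "
              f"hardened -> {hardened_redirect_target(candidate)!r}")
```

Running the module prints the decision for each constructed candidate. Note the trade-off in the strict variant: it rejects an absolute URL such as http://archivy.example:5000/x that the original helper accepts, which is usually fine for a post-login destination because the application only ever generates local paths for next.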
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| archivy | PyPI | < 1.7.1 | 1.7.1 |
Affected products
- archivy/archivy (package archivy), version range: unspecified
Patches
2 files changed · +16 −3
archivy/helpers.py+11 −1 modified@@ -5,8 +5,9 @@ import elasticsearch import yaml from elasticsearch import Elasticsearch -from flask import current_app, g +from flask import current_app, g, request from tinydb import TinyDB, Query, operations +from urllib.parse import urlparse, urljoin from archivy.config import BaseHooks, Config @@ -230,3 +231,12 @@ def create_plugin_dir(name): return True except FileExistsError: return False + + +def is_safe_redirect_url(target): + host_url = urlparse(request.host_url) + redirect_url = urlparse(urljoin(request.host_url, target)) + return ( + redirect_url.scheme in ("http", "https") + and host_url.netloc == redirect_url.netloc + )
archivy/routes.py+5 −2 modified@@ -19,7 +19,7 @@ from archivy.models import DataObj, User from archivy import data, app, forms, csrf -from archivy.helpers import get_db, write_config +from archivy.helpers import get_db, write_config, is_safe_redirect_url from archivy.tags import get_all_tags from archivy.search import search, search_frontmatter_tags from archivy.config import Config @@ -264,7 +264,10 @@ def login(): flash("Login successful!", "success") next_url = request.args.get("next") - return redirect(next_url or "/") + if next_url and is_safe_redirect_url(next_url): + return redirect(next_url) + else: + return redirect("/") flash("Invalid credentials", "error") return redirect("/login")
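Review bot: the netloc comparison in is_safe_redirect_url (second helpers.py hunk) accepts backslash targets, because urljoin treats `\` as an ordinary path character: a next value of `\\evil.example` resolves to `http://<host>/\\evil.example`, whose netloc equals that of request.host_url, so the function returns True, whereas browsers following the WHATWG URL parser read `\` as `/` and would treat a `Location: \\evil.example` header as scheme-relative. Whether the backslashes reach the browser unencoded depends on how redirect() serialises the Location header, so it is cheaper to reject them up front: require `target.startswith("/") and not target.startswith("//") and "\\" not in target` before the urljoin check. A short docstring stating that the helper reads flask.request and must be called inside a request context would also help; passing host_url in as a parameter would make it unit-testable without an app context.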
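Review bot: in the login() hunk the `else:` after a `return` is redundant; `if next_url and is_safe_redirect_url(next_url): return redirect(next_url)` followed by an unconditional `return redirect("/")` reads cleaner and avoids the nested branch. The change also has no accompanying test: a regression test that posts valid credentials with next set to an external URL and to a scheme-relative `//host` URL, asserting that the Location header is `/` in both cases, would lock the fix in.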
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-28mg-98xm-q493 (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-0697 (NVD entry)
- github.com/archivy/archivy/commit/2d8cb29853190d42572b36deb61127e68d6be574 (fix commit)
- github.com/archivy/archivy/releases/tag/v1.7.1 (release)
- github.com/pypa/advisory-database/tree/main/vulns/archivy/PYSEC-2022-161.yaml (PyPI advisory PYSEC-2022-161)
- huntr.dev/bounties/2d0301a2-10ff-48f4-a346-5a0e8707835b (huntr report, confirmed)