Replicated Classic CVE-2021-43058

SummaryURL redirection to untrusted site (“Open Redirect”).
Advisory Release Date28 Oct 2020 11 AM PDT (Pacific Time, -7 hours)
ProductReplicated Classic
Affected Replicated Classic Versions
  • < 2.53.1
Patched Replicated Classic Versions
  • 2.53.1 – (all later versions)
  • CVE-2021-43058
Replicated KOTS is not affected by this vulnerability.

Summary of Vulnerability

This advisory discloses a low severity security vulnerability in the versions of Replicated Classic listed above (“Affected Replicated Classic Versions”)


An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site.


This issue was discovered during a security review on 16 September 2021.
Patched versions were released on 23 September 2021.
This advisory was embargoed until 28 Oct 2021.


Credit for finding and disclosing this vulnerability goes to Stephan Sekula.