Moderate severity · NVD Advisory · Published Dec 26, 2023 · Updated Nov 4, 2025
CVE-2023-49438
Description
An open redirect vulnerability in the Python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Flask-Security-Too (PyPI) | < 5.3.3 | 5.3.3 |
Affected products
- Flask/Flask-Security-Too (source: description)
- ghsa-coords (2 versions)
  - (no CPE) range: < 5.3.3
  - (no CPE) range: < 5.5.2-1.1
References
- github.com/advisories/GHSA-672h-6x89-76m5 (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HCYH377TPUMUHELPI36PDS2ZM4VFIXM/ (mitre, vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-49438 (ghsa, ADVISORY)
- github.com/Flask-Middleware/flask-security/commit/8b5abc4d4db9926a3d76b34b8b03255effb5e712 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/flask-security-too/PYSEC-2023-248.yaml (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HCYH377TPUMUHELPI36PDS2ZM4VFIXM (ghsa, WEB)