VYPR

PyPI package

flask-user

pkg:pypi/flask-user

Vulnerabilities (1)

  • CVE-2021-23401Jul 5, 2021
    affected <= 1.0.2.2

    This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only ex