VYPR

rpm package

opensuse/python-Flask-Security&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-Flask-Security&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2023-49438Dec 26, 2023
    affected < 5.5.2-1.1fixed 5.5.2-1.1

    An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.

  • CVE-2021-23385Aug 2, 2022
    affected < 5.5.2-1.1fixed 5.5.2-1.1

    This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vu

  • CVE-2021-21241Jan 11, 2021
    affected < 5.5.2-1.1fixed 5.5.2-1.1

    The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5