VYPR

Flask User

by Lingthio

Source repositories

CVEs (1)

  • CVE-2021-23401Jul 5, 2021
    risk 0.00cvss epss 0.01

    This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only…