13 matches found
FreeBSD : py-flask-security -- user redirect to arbitrary URL vulnerability (06492bd5-085a-4cc0-9743-e30164bdcb1c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 06492bd5-085a-4cc0-9743-e30164bdcb1c advisory. - This affects all versions of package Flask-Security. When using the getpostlogoutredirect and...
[SECURITY] [DLA 3545-1] flask-security security update
Debian LTS Advisory DLA-3545-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton August 28, 2023 https://wiki.debian.org/LTS Package : flask-security Version : 1.7.5-2+deb10u1 CVE ID : CVE-2021-23385 Debian Bug : 1021279 It was discovered that when using the...
Debian dla-3545 : python3-flask-security - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3545 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3545-1 [email protected] https://www.debian.org/lts/security/...
Updated python-flask-security packages fix security vulnerability
Open redirect CVE-2021-23385...
openSUSE 15 Security Update : python-Flask-Security (SUSE-SU-2022:3834-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:3834-1 advisory. - CVE-2021-23385: Fixed open redirect bsc1202105. Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Flask-Security-Too (SUSE-SU-2022:3867-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3867-1 advisory. - CVE-2021-23385: Fixed open redirect bsc1202105. Tenable has extracted the preceding description block...
SUSE: Security Advisory (SUSE-SU-2022:3867-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:3834-1 Security update for python-Flask-Security
This update for python-Flask-Security fixes the following issues: - CVE-2021-23385: Fixed open redirect bsc1202105...
betterlifepsi (>=0.6.7.post3 <=0.6.8), cg (>=1.0.0 <=13.1.0) +23 more potentially affected by CVE-2021-23385 via flask-security (>=1.7.5 <=3.0.0)
flask-security PYPI version =1.7.5, =0.6.7.post3, =1.0.0, =0.0.1, =2.5.0, =1.0.0a1, =1.0.0a2, =1.0.0a23, =0.21.0, =1.0.2, =1.2.6 and more Source cves: CVE-2021-23385 Source advisory: OSV:GHSA-CG8C-GC2J-2WF7...
CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
UBUNTU-CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...