18 matches found
EUVD-2021-0089
Malware in sbrugna...
SUSE CVE-2014-1891
Multiple integer overflows in the 1 FLASKGETBOOL, 2 FLASKSETBOOL, 3 FLASKUSER, and 4 FLASKCONTEXTTOSID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service processor fault via unspecified vectors, ...
GHSA-4298-89HC-6RFV Open Redirect in Flask-User
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
Open Redirect in Flask-User
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
bivouac-framework (=0.1.0a0), cornerstonecms (>=0.1.0 <=0.1.20) +6 more potentially affected by CVE-2021-23401 via flask-user (>=0.6.1 <=1.0.2.2)
flask-user PYPI version =0.6.1, =0.1.0, =0.1.0, =0.0.39, =0.1.0, =0.1.1a6 Source cves: CVE-2021-23401 Source advisory: OSV:GHSA-4298-89HC-6RFV...
Unspecified Vulnerability in Flask-User
Flask-User is a software application. Customizable user authentication and user management, register, confirm, login, change username, password, forget password, etc. A security vulnerability exists in Flask-User, which can be exploited to bypass url authentication and redirect a user to an...
CVE-2021-23401
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
CVE-2021-23401
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
lamon (=0.1.0), tendril-framework (>=0.1.0a3 <=0.1.0a6) potentially affected by CVE-2021-23401 via flask-user (>=0.6.1 <=0.6.21)
flask-user PYPI version =0.6.1, =0.1.0a3, =0.1.0a6 Source cves: CVE-2021-23401 Source advisory: OSV:PYSEC-2021-337...
PYSEC-2021-337
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an...
PYSEC-2021-337
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
bivouac-framework (=0.1.0a0), cornerstonecms (>=0.1.0 <=0.1.20) +5 more potentially affected by CVE-2021-23401 via flask-user (=1.0.2.2)
flask-user PYPI version =1.0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on flask-user and may be impacted: - bivouac-framework =0.1.0a0 - cornerstonecms =0.1.0, =0.1.0, =0.0.39, =0.1.0, =0.1.1a6 Source cves: CVE-2021-23401 Source advisory:...
CVE-2021-23401 Open Redirect
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
CVE-2021-23401
Vulnerability (CVE-2021-23401) affects all versions of Flask-User. The issue occurs in the make_safe_url function, which can bypass URL validation and redirect to an arbitrary URL when multiple backslashes are provided (e.g., /////evil.com/path or \\evil.com/path). Exploitation requires either an...
CVE-2021-23401
This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...
flask-user 输入验证错误漏洞
Flask-User is a software application. Customizable user authentication and user management, register, confirm, login, change username, password, forget password, etc. A security vulnerability exists in Flask-User, which can be exploited to bypass url authentication and redirect a user to an...
bivouac-framework (=0.1.0a0), cornerstonecms (>=0.1.0 <=0.1.20) +6 more potentially affected by CVE-2021-23401 via flask-user (>=0.6.1 <=1.0.2.2)
flask-user PYPI version =0.6.1, =0.1.0, =0.1.0, =0.0.39, =0.1.0, =0.1.1a6 Source cves: CVE-2021-23401 Source advisory: SNYK:PYTHON-FLASKUSER-1293188...
Open Redirect
Overview Flask-User is a Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more. Affected versions of this package are vulnerable to Open Redirect. When using the makesafeurl function, it is possible to bypass URL validation...