GHSA-CG8C-GC2J-2WF7 Flask-Security vulnerable to Open Redirect

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

URL Redirection to Untrusted Site ('Open Redirect')

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

DEBIAN-CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

UBUNTU-CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

py-flask-security -- user redirect to arbitrary URL vulnerability

Snyk reports: This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerabilit...

PT-2022-9396 · Werkzeug +4 · Werkzeug +4

Name of the Vulnerable Software and Affected Versions: Flask-Security versions all Description: This issue allows an attacker to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes. The vulnerability is only exploitable if an alternative WSGI server...

GHSA-4298-89HC-6RFV Open Redirect in Flask-User

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

CVE-2021-23401

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

Open redirect in Flask-Unchained

This affects the package Flask-Unchained before 0.9.0. When using the the validateredirecturl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only exploitable if an...

PYSEC-2021-96

This affects the package Flask-Unchained before 0.9.0. When using the the validateredirecturl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an...

CVE-2021-23393 Open Redirect

This affects the package Flask-Unchained before 0.9.0. When using the the validateredirecturl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only exploitable if an...

CVE-2021-23393

This affects the package Flask-Unchained before 0.9.0. When using the the validateredirecturl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only exploitable if an...

Open Redirect

Overview Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Open Redirect. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing...

PYSEC-2021-123

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views e....

Open Redirect in Flask-Security-Too

Flask-Security allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc network location as the requesting URL. This check utilizes Pythons...

CVE-2017-7140

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions...

CVE-2017-7140

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions...

Apple iOS Keyboard Suggestions Information Disclosure Vulnerability

Apple iOS is an operating system developed by Apple for mobile devices.The Keyboard Suggestions component is one of the keyboard support components. A security vulnerability exists in the Keyboard Suggestions component in Apple iOS versions prior to 11, which stems from the iOS keyboard caching...

Hidden Apple iOS 5 Autocorrect Keyboard Bar Found by Researcher

In the month since Apple’s release of iOS 5, a handful of features and workarounds have been found hidden beneath the mobile operating system’s surface. A few days ago, another feature was added to that list – an autocorrect keyboard bar. According to 9to5Mac, the “Android-like” feature allows...