3 matches found
bivouac-framework (=0.1.0a0), cornerstonecms (>=0.1.0 <=0.1.20) +6 more potentially affected by CVE-2021-23401 via flask-user (>=0.6.1 <=1.0.2.2)
flask-user PYPI version =0.6.1, =0.1.0, =0.1.0, =0.0.39, =0.8.8, =0.1.0, =0.1.1a6 Source cves: CVE-2021-23401 Source advisory: OSV:GHSA-4298-89HC-6RFV...
CVE-2021-23401
Vulnerability (CVE-2021-23401) affects all versions of Flask-User. The issue occurs in the make_safe_url function, which can bypass URL validation and redirect to an arbitrary URL when multiple backslashes are provided (e.g., /////evil.com/path or \\evil.com/path). Exploitation requires either an...
bivouac-framework (=0.1.0a0), cornerstonecms (>=0.1.0 <=0.1.20) +6 more potentially affected by CVE-2021-23401 via flask-user (>=0.6.1 <=1.0.2.2)
flask-user PYPI version =0.6.1, =0.1.0, =0.1.0, =0.0.39, =0.8.8, =0.1.0, =0.1.1a6 Source cves: CVE-2021-23401 Source advisory: SNYK:PYTHON-FLASKUSER-1293188...