6 matches found
[SECURITY] Fedora 44 Update: python-flask-httpauth-4.8.1-1.fc44
FlaskHTTPAuth Basic and Digest HTTP authentication for Flask routes...
[SECURITY] Fedora 43 Update: python-flask-httpauth-4.8.1-1.fc43
FlaskHTTPAuth Basic and Digest HTTP authentication for Flask routes...
changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering
Summary On 13 routes across 5 blueprint files, the @loginoptionallyrequired decorator is placed before outer to @blueprint.route instead of after it. In Flask, @route must be the outermost decorator because it registers the function it receives. When the order is reversed, @route registers the...
GHSA-JMRH-XMGH-X9J4 changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering
Summary On 13 routes across 5 blueprint files, the @loginoptionallyrequired decorator is placed before outer to @blueprint.route instead of after it. In Flask, @route must be the outermost decorator because it registers the function it receives. When the order is reversed, @route registers the...
PT-2026-30758
Summary On 13 routes across 5 blueprint files, the @login optionally required decorator is placed before outer to @blueprint.route instead of after it. In Flask, @route must be the outermost decorator because it registers the function it receives. When the order is reversed, @route registers the...
Authorization Bypass in MLflow Basic Auth (unprotected Flask/GraphQL routes)
This report is not public...