138 matches found
Open redirect vulnerability in Flask-Security-Too
An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...
GHSA-672H-6X89-76M5 Open redirect vulnerability in Flask-Security-Too
An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...
Open redirect vulnerability in Flask-Security-Too
An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...
Open redirect
An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...
faradaysec (>=3.14.1 <=5.20.1), flask-authoob (>=0.0.21 <=0.0.34) +13 more potentially affected by CVE-2023-49438 via flask-security-too (>=3.2.0rc1 <=5.2.0)
flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =7.0.0, =6.0.0, =7.0.8.dev28841, =2.0.0, =3.5.6.dev19088, =1.0.3.dev126, =3.1.0, =2.1.0, =0.0.21, =1.0.2.dev51 Source cves: CVE-2023-49438 Source advisory: OSV:PYSEC-2023-248...
PYSEC-2023-248
An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...
Flask Middleware Flask-security Security Vulnerabilities
Flask Middleware Flask-security is a Python-based codebase from the Flask Middleware organization that provides security features for Flask applications. Flask Middleware Flask-security A security vulnerability exists in Flask-Security-Too 5.3.2 and earlier versions that originates from a...
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...
CVE-2023-49438
Vulnerability summary (CVE-2023-49438) : The Python package Flask-Security-Too
PT-2023-8085
Name of the Vulnerable Software and Affected Versions Flask-Security-Too versions =2.1.0 may impact applications that were previously not affected, as the autocorrect location header configuration was changed to False, making location headers in redirects relative by default. Recommendations For...
FreeBSD : py-flask-security -- user redirect to arbitrary URL vulnerability (06492bd5-085a-4cc0-9743-e30164bdcb1c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 06492bd5-085a-4cc0-9743-e30164bdcb1c advisory. - This affects all versions of package Flask-Security. When using the getpostlogoutredirect and...
Debian: Security Advisory (DLA-3545-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3545-1] flask-security security update
Debian LTS Advisory DLA-3545-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton August 28, 2023 https://wiki.debian.org/LTS Package : flask-security Version : 1.7.5-2+deb10u1 CVE ID : CVE-2021-23385 Debian Bug : 1021279 It was discovered that when using the...
DLA-3545-1 flask-security - security update
Bulletin has no description...
Debian dla-3545 : python3-flask-security - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3545 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3545-1 [email protected] https://www.debian.org/lts/security/...
SUSE-SU-2023:2263-2 Security update for python-Flask
This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching bsc1211246...
MGASA-2023-0193 Updated python-flask packages fix security vulnerability
Client 'session' cookie sent to other clients CVE-2023-30861...
Important: python-flask
Issue Overview: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one...
SUSE-SU-2023:2263-1 Security update for python-Flask
This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching bsc1211246...
SUSE-SU-2023:1928-1 Security update for python-Flask
This update for python-Flask fixes the following issues: - CVE-2019-1010083: Fixed DoS via crafted encoded JSON data bsc1141968...