Lucene search
+L

138 matches found

Github Security Blog
Github Security Blog
added 2023/12/27 12:30 a.m.33 views

Open redirect vulnerability in Flask-Security-Too

An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...

6.1CVSS6.9AI score0.01079EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2023/12/27 12:30 a.m.16 views

GHSA-672H-6X89-76M5 Open redirect vulnerability in Flask-Security-Too

An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...

6.1CVSS6AI score0.01079EPSS
Exploits1References6
GitLab Advisory Database
GitLab Advisory Database
added 2023/12/27 12:0 a.m.36 views

Open redirect vulnerability in Flask-Security-Too

An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...

6.1CVSS6AI score0.01079EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2023/12/26 10:15 p.m.12 views

Open redirect

An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

5.8CVSS6.7AI score0.01079EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2023/12/26 10:15 p.m.4 views

faradaysec (>=3.14.1 <=5.20.1), flask-authoob (>=0.0.21 <=0.0.34) +13 more potentially affected by CVE-2023-49438 via flask-security-too (>=3.2.0rc1 <=5.2.0)

flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =7.0.0, =6.0.0, =7.0.8.dev28841, =2.0.0, =3.5.6.dev19088, =1.0.3.dev126, =3.1.0, =2.1.0, =0.0.21, =1.0.2.dev51 Source cves: CVE-2023-49438 Source advisory: OSV:PYSEC-2023-248...

6.1CVSS6.3AI score0.01079EPSS
Exploits1
PyPA
PyPA
added 2023/12/26 10:15 p.m.6 views

PYSEC-2023-248

An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

6.1CVSS6.8AI score0.01079EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.3 views

Flask Middleware Flask-security Security Vulnerabilities

Flask Middleware Flask-security is a Python-based codebase from the Flask Middleware organization that provides security features for Flask applications. Flask Middleware Flask-security A security vulnerability exists in Flask-Security-Too 5.3.2 and earlier versions that originates from a...

6.1CVSS6.5AI score0.01079EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/12/26 12:0 a.m.33 views

CVE-2023-49438

An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

6.2AI score0.01079EPSS
Exploits1References3
CVE
CVE
added 2023/12/26 12:0 a.m.95 views

CVE-2023-49438

Vulnerability summary (CVE-2023-49438) : The Python package Flask-Security-Too

6.1CVSS5.8AI score0.01079EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.5 views

PT-2023-8085

Name of the Vulnerable Software and Affected Versions Flask-Security-Too versions =2.1.0 may impact applications that were previously not affected, as the autocorrect location header configuration was changed to False, making location headers in redirects relative by default. Recommendations For...

6.4CVSS6.6AI score0.01079EPSS
Exploits1References26
Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.23 views

FreeBSD : py-flask-security -- user redirect to arbitrary URL vulnerability (06492bd5-085a-4cc0-9743-e30164bdcb1c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 06492bd5-085a-4cc0-9743-e30164bdcb1c advisory. - This affects all versions of package Flask-Security. When using the getpostlogoutredirect and...

6.1CVSS6.8AI score0.00913EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/08/29 12:0 a.m.12 views

Debian: Security Advisory (DLA-3545-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.4AI score0.00913EPSS
Exploits1References4
Debian
Debian
added 2023/08/28 5:6 p.m.53 views

[SECURITY] [DLA 3545-1] flask-security security update

Debian LTS Advisory DLA-3545-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton August 28, 2023 https://wiki.debian.org/LTS Package : flask-security Version : 1.7.5-2+deb10u1 CVE ID : CVE-2021-23385 Debian Bug : 1021279 It was discovered that when using the...

6.1CVSS6.6AI score0.00913EPSS
Exploits1
OSV
OSV
added 2023/08/28 12:0 a.m.34 views

DLA-3545-1 flask-security - security update

Bulletin has no description...

6.1CVSS6.2AI score0.00913EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/08/28 12:0 a.m.23 views

Debian dla-3545 : python3-flask-security - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3545 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3545-1 [email protected] https://www.debian.org/lts/security/...

6.1CVSS6.8AI score0.00913EPSS
Exploits1References4
OSV
OSV
added 2023/07/20 11:55 a.m.7 views

SUSE-SU-2023:2263-2 Security update for python-Flask

This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching bsc1211246...

7.5CVSS7.4AI score0.01261EPSS
Exploits1References3
OSV
OSV
added 2023/06/08 7:34 p.m.6 views

MGASA-2023-0193 Updated python-flask packages fix security vulnerability

Client 'session' cookie sent to other clients CVE-2023-30861...

7.5CVSS7.4AI score0.01261EPSS
Exploits1References3
Amazon
Amazon
added 2023/06/07 12:0 a.m.8 views

Important: python-flask

Issue Overview: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one...

7.5CVSS8.2AI score0.01261EPSS
Exploits1
OSV
OSV
added 2023/05/22 10:16 a.m.9 views

SUSE-SU-2023:2263-1 Security update for python-Flask

This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching bsc1211246...

7.5CVSS7.4AI score0.01261EPSS
Exploits1References3
OSV
OSV
added 2023/04/20 9:23 a.m.8 views

SUSE-SU-2023:1928-1 Security update for python-Flask

This update for python-Flask fixes the following issues: - CVE-2019-1010083: Fixed DoS via crafted encoded JSON data bsc1141968...

7.5CVSS7.6AI score0.01884EPSS
Exploits1References3
Rows per page
Query Builder