138 matches found
CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
DEBIAN-CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
Input validation
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
UBUNTU-CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
CVE-2021-23385 Open Redirect
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
CVE-2021-23385
CVE-2021-23385 affects Flask-Security across all versions. The get_post_logout_redirect and get_post_login_redirect functions can bypass URL validation, allowing an open redirect to an arbitrary URL when a user supplies multiple backslashes (e.g., \evil.com/path). Exploitation requires either usi...
CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
CVE-2021-23385
This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
PT-2022-9396
Name of the Vulnerable Software and Affected Versions Flask-Security versions all Description This issue allows an attacker to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes. The vulnerability is only exploitable if an alternative WSGI server othe...
py-flask-security -- user redirect to arbitrary URL vulnerability
Snyk reports: This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerabilit...
Path traversal
The umeshpatil-dev/Homeinternet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2021-21241
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
Open Redirect in Flask-Security-Too
Withdrawn Duplicate of GHSA-6qmf-fj6m-686c Original description Flask-Security-Too allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc...
GHSA-GXJJ-F44V-QM94 Open Redirect in Flask-Security-Too
Withdrawn Duplicate of GHSA-6qmf-fj6m-686c Original description Flask-Security-Too allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc...
Flask-Security 输入验证错误漏洞
Flask-Security is a software application. Quickly add security features to Flask applications. Flask-Security suffers from an input validation error vulnerability that stems from mishandling user-supplied data, which could allow a remote attacker to redirect a victim to an arbitrary URL...
Open Redirect
Overview Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Open Redirect. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing...
faradaysec (>=3.14.1 <=3.14.4), flask-authoob (>=0.0.21 <=0.0.34) +4 more potentially affected by CVE-2021-32618 via flask-security-too (>=3.2.0rc1 <=4.0.1)
flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =6.0.0, =6.4.0 Source cves: CVE-2021-32618 Source advisory: SNYK:PYTHON-FLASKSECURITYTOO-1293190...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This...