Lucene search
+L

138 matches found

NVD
NVD
added 2022/08/02 2:15 p.m.19 views

CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

6.1CVSS0.00913EPSS
Exploits1References4
OSV
OSV
added 2022/08/02 2:15 p.m.11 views

CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

6.1CVSS6.2AI score
Exploits0References4
OSV
OSV
added 2022/08/02 2:15 p.m.2 views

DEBIAN-CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

6.1CVSS6.6AI score0.00913EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/08/02 2:15 p.m.41 views

CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

6.1CVSS6.6AI score0.00913EPSS
Exploits1References5
Prion
Prion
added 2022/08/02 2:15 p.m.16 views

Input validation

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

5.8CVSS6.2AI score0.00913EPSS
Exploits1References4
OSV
OSV
added 2022/08/02 2:15 p.m.6 views

UBUNTU-CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

6.1CVSS6.5AI score0.00913EPSS
Exploits1References6
Cvelist
Cvelist
added 2022/08/02 1:25 p.m.38 views

CVE-2021-23385 Open Redirect

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

5.4CVSS6.4AI score0.00913EPSS
Exploits1References4
CVE
CVE
added 2022/08/02 1:25 p.m.133 views

CVE-2021-23385

CVE-2021-23385 affects Flask-Security across all versions. The get_post_logout_redirect and get_post_login_redirect functions can bypass URL validation, allowing an open redirect to an arbitrary URL when a user supplies multiple backslashes (e.g., \evil.com/path). Exploitation requires either usi...

6.1CVSS6AI score0.00913EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2022/08/02 1:25 p.m.76 views

CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

6.1CVSS6.3AI score0.00913EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/08/02 1:22 p.m.5 views

CVE-2021-23385

This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...

6.1CVSS5.7AI score0.00913EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/08/02 12:0 a.m.5 views

PT-2022-9396

Name of the Vulnerable Software and Affected Versions Flask-Security versions all Description This issue allows an attacker to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes. The vulnerability is only exploitable if an alternative WSGI server othe...

6.1CVSS6.7AI score0.00913EPSS
Exploits1References34
FreeBSD
FreeBSD
added 2022/08/02 12:0 a.m.26 views

py-flask-security -- user redirect to arbitrary URL vulnerability

Snyk reports: This affects all versions of package Flask-Security. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerabilit...

6.1CVSS7.2AI score0.00913EPSS
Exploits1References1
Prion
Prion
added 2022/07/11 1:15 a.m.11 views

Path traversal

The umeshpatil-dev/Homeinternet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

6.4CVSS9.3AI score0.01242EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2022/05/21 12:7 a.m.16 views

CVE-2021-21241

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

7.4CVSS2.7AI score0.00917EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/12/14 6:14 p.m.24 views

Open Redirect in Flask-Security-Too

Withdrawn Duplicate of GHSA-6qmf-fj6m-686c Original description Flask-Security-Too allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc...

6.1CVSS0.1AI score0.03289EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/12/14 6:14 p.m.2 views

GHSA-GXJJ-F44V-QM94 Open Redirect in Flask-Security-Too

Withdrawn Duplicate of GHSA-6qmf-fj6m-686c Original description Flask-Security-Too allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc...

3.1CVSS5.8AI score0.03289EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.14 views

Flask-Security 输入验证错误漏洞

Flask-Security is a software application. Quickly add security features to Flask applications. Flask-Security suffers from an input validation error vulnerability that stems from mishandling user-supplied data, which could allow a remote attacker to redirect a victim to an arbitrary URL...

6.1CVSS6.7AI score0.00913EPSS
Exploits1References8
Snyk
Snyk
added 2021/05/18 10:46 a.m.3 views

Open Redirect

Overview Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Open Redirect. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing...

6.1CVSS6.9AI score0.00913EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/05/18 10:38 a.m.8 views

faradaysec (>=3.14.1 <=3.14.4), flask-authoob (>=0.0.21 <=0.0.34) +4 more potentially affected by CVE-2021-32618 via flask-security-too (>=3.2.0rc1 <=4.0.1)

flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =6.0.0, =6.4.0 Source cves: CVE-2021-32618 Source advisory: SNYK:PYTHON-FLASKSECURITYTOO-1293190...

6.1CVSS6.5AI score0.03289EPSS
Exploits0
Snyk
Snyk
added 2021/05/18 10:38 a.m.3 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect. When using the getpostlogoutredirect and getpostloginredirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This...

6.1CVSS6.9AI score0.03289EPSS
Exploits0References2
Rows per page
Query Builder