69 matches found
Python Flask-Security-Too <=5.3.2 - Open Redirect
An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the OAuth reauthentication for stale sessions. An attacker can perform unauthorized account actions by completing OAuth verification with their own identity in a stale, authenticated victi...
GHSA-97R5-PG8X-P63P Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance
Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...
PT-2026-42857
Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...
Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance
Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth identity...
EUVD-2021-0087
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-32618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Python Flask-Security-Too package is used for adding security features to your Flask application. It is an is an independently maintained version of...
CVE-2021-32618
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views e....
OPENSUSE-SU-2024:13561-1 python310-Flask-Security-Too-5.3.2-3.1 on GA media
These are all security issues fixed in the python310-Flask-Security-Too-5.3.2-3.1 package on the GA media of openSUSE Tumbleweed...
ROS-20240408-17
Vulnerability in Flask-Security-Too security management tool is related to URL redirection to an untrusted site when processing the "next" request parameter. to an untrusted site when processing the "next" request parameter. Exploitation of the vulnerability could allow an attacker acting remotel...
Fedora: Security Advisory (FEDORA-2024-f34963bef8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : python-flask-security-too (2024-f34963bef8)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f34963bef8 advisory. Backport fix for CVE-2023-49438. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Open Redirect
Flask-Security-Too is vulnerable to Open Redirect. The vulnerability arises due to a lack of redirect validation in the next parameter within the /login and /register routes. An attacker could redirect users to malicious sites via a crafted URL...
SUSE CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...
GHSA-672H-6X89-76M5 Open redirect vulnerability in Flask-Security-Too
An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...
Open redirect vulnerability in Flask-Security-Too
An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...
faradaysec (>=3.14.1 <=5.20.1), flask-authoob (>=0.0.21 <=0.0.34) +13 more potentially affected by CVE-2023-49438 via flask-security-too (>=3.2.0rc1 <=5.2.0)
flask-security-too PYPI version =3.2.0rc1, =3.14.1, =0.0.21, =0.3.1, =4.22.0, =6.0.1, =7.0.0, =6.0.0, =7.0.8.dev28841, =2.0.0, =3.5.6.dev19088, =1.0.3.dev126, =3.1.0, =2.1.0, =0.0.21, =1.0.2.dev51 Source cves: CVE-2023-49438 Source advisory: OSV:GHSA-672H-6X89-76M5...
Open redirect vulnerability in Flask-Security-Too
An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...
Open redirect
An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...
PYSEC-2023-248
An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...