138 matches found
CVE-2021-21241
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
Design/Logic Flaw
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
pidb (=6.0.1), task-manager (>=6.0.0 <=6.3.0) potentially affected by CVE-2021-21241 via flask-security-too (>=3.3.0 <=3.3.3)
flask-security-too PYPI version =3.3.0, =6.0.0, =6.3.0 Source cves: CVE-2021-21241 Source advisory: OSV:PYSEC-2021-91...
PYSEC-2021-91
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
CVE-2021-21241
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
PYSEC-2021-14
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
PYSEC-2021-91
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
pidb (=6.0.1), task-manager (>=6.0.0 <=6.3.0) potentially affected by CVE-2021-21241 via flask-security-too (>=3.3.0 <=3.3.3)
flask-security-too PYPI version =3.3.0, =6.0.0, =6.3.0 Source cves: CVE-2021-21241 Source advisory: OSV:GHSA-HH7M-RX4F-4VPV...
CVE-2021-21241
The CVE-2021-21241 issue affects the Python package Flask-Security-Too (independently maintained fork of Flask-Security). In versions 3.3.0 through 3.4.4 (and including 3.4.5 before patch) the /login and /change endpoints could return the authenticated user’s token in response to a GET request. S...
CVE-2021-21241 CSRF can expose users authentication token in Flask-Security-Too
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
CVE-2021-21241
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
PT-2021-14351 · Pypi +1 · Flask-Security-Too +1
Name of the Vulnerable Software and Affected Versions: Flask-Security-Too versions 3.3.0 through 3.4.5 Description: The issue concerns the Flask-Security-Too package, which is used to add security features to Flask applications. In affected versions, the /login and /change endpoints can return th...
CSRF can expose users authentication token
Issue The /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Patches Version 3.4.5 and soon to ...
Flask Middleware Flask-security Cross-Site Request Forgery Vulnerability
Flask Middleware Flask-security is a Python-based codebase from the Flask Middleware organization that provides security features for Flask applications. A cross-site request forgery vulnerability exists in Flask Middleware Flask-security versions 3.3.0 through 3.4.5. The vulnerability stems from...
pidb (=6.0.1), task-manager (>=6.0.0 <=6.3.0) potentially affected by CVE-2021-21241 via flask-security-too (>=3.3.0 <=3.3.3)
flask-security-too PYPI version =3.3.0, =6.0.0, =6.3.0 Source cves: CVE-2021-21241 Source advisory: SNYK:PYTHON-FLASKSECURITYTOO-1056906...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. The /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicio...
DLA-1892-1 flask - security update
Bulletin has no description...
OPENSUSE-SU-2019:1112-1 Security update for python-Flask
This update for python-Flask to version 0.12.4 fixes the following issues: Security issue fixed: - CVE-2018-1000656: Fixed an improper input validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. bsc1106279 This update was imported...