Lucene search
K

138 matches found

OSV
OSV
added 2021/01/11 9:15 p.m.7 views

CVE-2021-21241

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

7.4CVSS7.5AI score
Exploits0References6
Prion
Prion
added 2021/01/11 9:15 p.m.11 views

Design/Logic Flaw

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

4.3CVSS7.4AI score0.00917EPSS
Exploits0References6Affected Software1
vulnersOsv
vulnersOsv
added 2021/01/11 9:15 p.m.4 views

pidb (=6.0.1), task-manager (>=6.0.0 <=6.3.0) potentially affected by CVE-2021-21241 via flask-security-too (>=3.3.0 <=3.3.3)

flask-security-too PYPI version =3.3.0, =6.0.0, =6.3.0 Source cves: CVE-2021-21241 Source advisory: OSV:PYSEC-2021-91...

7.4CVSS7.1AI score0.00917EPSS
Exploits0
PyPA
PyPA
added 2021/01/11 9:15 p.m.8 views

PYSEC-2021-91

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

7.4CVSS6.8AI score0.00917EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2021/01/11 9:15 p.m.19 views

CVE-2021-21241

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

7.4CVSS7AI score0.00917EPSS
Exploits0References7
OSV
OSV
added 2021/01/11 9:15 p.m.6 views

PYSEC-2021-14

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

7.1AI score
Exploits0References6
OSV
OSV
added 2021/01/11 9:15 p.m.31 views

PYSEC-2021-91

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

7.4CVSS2.7AI score0.00917EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2021/01/11 8:38 p.m.5 views

pidb (=6.0.1), task-manager (>=6.0.0 <=6.3.0) potentially affected by CVE-2021-21241 via flask-security-too (>=3.3.0 <=3.3.3)

flask-security-too PYPI version =3.3.0, =6.0.0, =6.3.0 Source cves: CVE-2021-21241 Source advisory: OSV:GHSA-HH7M-RX4F-4VPV...

7.4CVSS7.1AI score0.00917EPSS
Exploits0
CVE
CVE
added 2021/01/11 8:35 p.m.110 views

CVE-2021-21241

The CVE-2021-21241 issue affects the Python package Flask-Security-Too (independently maintained fork of Flask-Security). In versions 3.3.0 through 3.4.4 (and including 3.4.5 before patch) the /login and /change endpoints could return the authenticated user’s token in response to a GET request. S...

7.4CVSS7.4AI score0.00917EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2021/01/11 8:35 p.m.24 views

CVE-2021-21241 CSRF can expose users authentication token in Flask-Security-Too

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

7.4CVSS7.7AI score0.00917EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2021/01/11 8:35 p.m.30 views

CVE-2021-21241

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

7.4CVSS7.5AI score0.00917EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/11 12:0 a.m.6 views

PT-2021-14351 · Pypi +1 · Flask-Security-Too +1

Name of the Vulnerable Software and Affected Versions: Flask-Security-Too versions 3.3.0 through 3.4.5 Description: The issue concerns the Flask-Security-Too package, which is used to add security features to Flask applications. In affected versions, the /login and /change endpoints can return th...

8.3CVSS6.5AI score0.01079EPSS
Exploits2References29
GitLab Advisory Database
GitLab Advisory Database
added 2021/01/11 12:0 a.m.25 views

CSRF can expose users authentication token

Issue The /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Patches Version 3.4.5 and soon to ...

7.4CVSS7.2AI score0.00917EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2021/01/11 12:0 a.m.11 views

Flask Middleware Flask-security Cross-Site Request Forgery Vulnerability

Flask Middleware Flask-security is a Python-based codebase from the Flask Middleware organization that provides security features for Flask applications. A cross-site request forgery vulnerability exists in Flask Middleware Flask-security versions 3.3.0 through 3.4.5. The vulnerability stems from...

7.4CVSS7AI score0.00917EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2021/01/10 1:0 p.m.3 views

pidb (=6.0.1), task-manager (>=6.0.0 <=6.3.0) potentially affected by CVE-2021-21241 via flask-security-too (>=3.3.0 <=3.3.3)

flask-security-too PYPI version =3.3.0, =6.0.0, =6.3.0 Source cves: CVE-2021-21241 Source advisory: SNYK:PYTHON-FLASKSECURITYTOO-1056906...

7.4CVSS7.1AI score0.00917EPSS
Exploits0
Snyk
Snyk
added 2021/01/10 1:0 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. The /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicio...

7.5CVSS6.8AI score0.00917EPSS
Exploits0References2
OSV
OSV
added 2019/08/20 12:0 a.m.25 views

DLA-1892-1 flask - security update

Bulletin has no description...

7.5CVSS7.5AI score0.03855EPSS
Exploits1
OSV
OSV
added 2019/04/02 11:3 a.m.10 views

OPENSUSE-SU-2019:1112-1 Security update for python-Flask

This update for python-Flask to version 0.12.4 fixes the following issues: Security issue fixed: - CVE-2018-1000656: Fixed an improper input validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. bsc1106279 This update was imported...

7.5CVSS7.5AI score0.03855EPSS
Exploits1References3
Rows per page
Query Builder