CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploits1References6Affected Software1

vulnersOsv•added 2021/08/09 8:44 p.m.•1 views

bivouac-framework (=0.1.0a0), cornerstonecms (>=0.1.0 <=0.1.20) +6 more potentially affected by CVE-2021-23401 via flask-user (>=0.6.1 <=1.0.2.2)

flask-user PYPI version =0.6.1, =0.1.0, =0.1.0, =0.0.39, =0.1.0, =0.1.1a6 Source cves: CVE-2021-23401 Source advisory: OSV:GHSA-4298-89HC-6RFV...

CNVD•added 2021/07/07 12:0 a.m.•5 views

Unspecified Vulnerability in Flask-User

Flask-User is a software application. Customizable user authentication and user management, register, confirm, login, change username, password, forget password, etc. A security vulnerability exists in Flask-User, which can be exploited to bypass url authentication and redirect a user to an...

6.1CVSS7.1AI score0.00265EPSS

Exploits1References1

OSV•added 2021/07/05 11:15 a.m.•5 views

CVE-2021-23401

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

6.1CVSS5.9AI score0.00265EPSS

NVD•added 2021/07/05 11:15 a.m.•14 views

CVE-2021-23401

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

6.1CVSS0.00265EPSS

vulnersOsv•added 2021/07/05 11:15 a.m.•0 views

lamon (=0.1.0), tendril-framework (>=0.1.0a3 <=0.1.0a6) potentially affected by CVE-2021-23401 via flask-user (>=0.6.1 <=0.6.21)

flask-user PYPI version =0.6.1, =0.1.0a3, =0.1.0a6 Source cves: CVE-2021-23401 Source advisory: OSV:PYSEC-2021-337...

PyPA•added 2021/07/05 11:15 a.m.•5 views

PYSEC-2021-337

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an...

6.1CVSS7AI score0.00265EPSS

Exploits1References4Affected Software1

OSV•added 2021/07/05 11:15 a.m.•0 views

PYSEC-2021-337

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

vulnersOsv•added 2021/07/05 11:15 a.m.•3 views

Exploits1References4

bivouac-framework (=0.1.0a0), cornerstonecms (>=0.1.0 <=0.1.20) +5 more potentially affected by CVE-2021-23401 via flask-user (=1.0.2.2)

flask-user PYPI version =1.0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on flask-user and may be impacted: - bivouac-framework =0.1.0a0 - cornerstonecms =0.1.0, =0.1.0, =0.0.39, =0.1.0, =0.1.1a6 Source cves: CVE-2021-23401 Source advisory:...

CVE•added 2021/07/05 10:25 a.m.•98 views

CVE-2021-23401

Vulnerability (CVE-2021-23401) affects all versions of Flask-User. The issue occurs in the make_safe_url function, which can bypass URL validation and redirect to an arbitrary URL when multiple backslashes are provided (e.g., /////evil.com/path or \\evil.com/path). Exploitation requires either an...

6.1CVSS6.1AI score0.00265EPSS

Exploits1References3Affected Software1

Cvelist•added 2021/07/05 10:25 a.m.•11 views

CVE-2021-23401 Open Redirect

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

5.4CVSS6.5AI score0.00265EPSS

ATTACKERKB•added 2021/07/05 10:20 a.m.•2 views

CVE-2021-23401

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

6.1CVSS5.7AI score0.00265EPSS

Exploits1References4

CNNVD•added 2021/07/05 12:0 a.m.•4 views

flask-user 输入验证错误漏洞

6.1CVSS5.8AI score0.00265EPSS

vulnersOsv•added 2021/06/11 1:23 p.m.•1 views

bivouac-framework (=0.1.0a0), cornerstonecms (>=0.1.0 <=0.1.20) +6 more potentially affected by CVE-2021-23401 via flask-user (>=0.6.1 <=1.0.2.2)

flask-user PYPI version =0.6.1, =0.1.0, =0.1.0, =0.0.39, =0.1.0, =0.1.1a6 Source cves: CVE-2021-23401 Source advisory: SNYK:PYTHON-FLASKUSER-1293188...