GHSA-4298-89HC-6RFV Open Redirect in Flask-User

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

Unspecified Vulnerability in Flask-User

Flask-User is a software application. Customizable user authentication and user management, register, confirm, login, change username, password, forget password, etc. A security vulnerability exists in Flask-User, which can be exploited to bypass url authentication and redirect a user to an...

CVE-2021-23401

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

PYSEC-2021-337

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an...

CVE-2021-23401

This affects all versions of package Flask-User. When using the makesafeurl function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\evil.com/path. This vulnerability is only exploitable if an...

flask-user 输入验证错误漏洞

Flask-User is a software application. Customizable user authentication and user management, register, confirm, login, change username, password, forget password, etc. A security vulnerability exists in Flask-User, which can be exploited to bypass url authentication and redirect a user to an...