Lucene search
Veracode Vulnerability DatabaseVERACODE:35251HistoryApr 26, 2022 - 5:14 a.m.
Insecure Return Value
2022-04-2605:14:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
flask
session
captcha
vulnerability
validate
function
attacker
bypass
checks
EPSS
0.001
Percentile
34.7%
flask_session_captcha has insecure return value. The vulnerability exists in validate function in __init__.py because it returns None instead of False if no value passed which allows an attacker to bypass the checks.
References
github.com/Tethik/flask-session-captcha/commit/2811ae23a38d33b620fb7a07de8837c6d65c13e4
github.com/Tethik/flask-session-captcha/commit/a65c5a4ff37f0c6f17a220f6819199618bdd0743
github.com/Tethik/flask-session-captcha/pull/27
github.com/Tethik/flask-session-captcha/releases/tag/v1.2.1
github.com/Tethik/flask-session-captcha/security/advisories/GHSA-7r87-cj48-wj45
Related
osv
osv
PYSEC-2022-193
2022-04-25 22:15:00
Potential Captcha Validate Bypass in flask-session-captcha
2022-04-26 21:19:52
CVE-2022-24880
2022-04-25 22:15:43
cvelist
cvelist
CVE-2022-24880 Potential Captcha Validate Bypass in flask-session-captcha
2022-04-25 22:10:13
cve
cve
CVE-2022-24880
2022-04-25 22:15:43
github
github
Potential Captcha Validate Bypass in flask-session-captcha
2022-04-26 21:19:52
prion
prion
Session fixation
2022-04-25 22:15:00
nvd
nvd
CVE-2022-24880
2022-04-25 22:15:43