AVG-1434 log

Package python-flask-security-too
Status Fixed
Severity High
Type cross-site request forgery
Affected 3.3.3-3
Fixed 4.0.1-1
Current 5.5.2-1 [extra-testing]
5.4.3-4 [extra]
Ticket FS#70041
Created Mon Jan 11 22:40:11 2021
Issue Severity Remote Type Description
CVE-2021-21241 High Yes Cross-site request forgery
In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token...
Date Advisory Package Type
19 May 2021 ASA-202105-2 python-flask-security-too cross-site request forgery