python-flask-security-too
| Description | Quick and simple security for Flask applications | 
| Version | 5.6.2-2 [extra] | 
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket | 
|---|---|---|---|---|---|
| AVG-1965 | 4.0.1-4 | 4.1.0-1 | Low | Fixed | |
| AVG-1434 | 3.3.3-3 | 4.0.1-1 | High | Fixed | FS#70041 | 
| Issue | Group | Severity | Remote | Type | Description | 
|---|---|---|---|---|---|
| CVE-2021-32618 | AVG-1965 | Low | Yes | Open redirect | All versions of Flask-Security-Too allow redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to... |
| CVE-2021-21241 | AVG-1434 | High | Yes | Cross-site request forgery | In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token... |
Advisories
| Date | Advisory | Group | Severity | Type | 
|---|---|---|---|---|
| 19 May 2021 | ASA-202105-2 | AVG-1434 | High | cross-site request forgery |