python-flask-security-too
Description | Quick and simple security for Flask applications |
Version | 5.4.3-4 [extra] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1965 | 4.0.1-4 | 4.1.0-1 | Low | Fixed | |
AVG-1434 | 3.3.3-3 | 4.0.1-1 | High | Fixed | FS#70041 |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-32618 | AVG-1965 | Low | Yes | Open redirect | All versions of Flask-Security-Too allow redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to... |
CVE-2021-21241 | AVG-1434 | High | Yes | Cross-site request forgery | In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
19 May 2021 | ASA-202105-2 | AVG-1434 | High | cross-site request forgery |