python-flask-security-too

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Quick and simple security for Flask applications
Version 3.3.3-3 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1434 3.3.3-3 High Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-21241 AVG-1434 High Yes Cross-site request forgery
In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token...