python-flask-security-too

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Quick and simple security for Flask applications
Version 5.5.2-1 [extra-testing]
5.4.3-4 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1965 4.0.1-4 4.1.0-1 Low Fixed
AVG-1434 3.3.3-3 4.0.1-1 High Fixed FS#70041
Issue Group Severity Remote Type Description
CVE-2021-32618 AVG-1965 Low Yes Open redirect
All versions of Flask-Security-Too allow redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to...
CVE-2021-21241 AVG-1434 High Yes Cross-site request forgery
In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token...

Advisories

Date Advisory Group Severity Type
19 May 2021 ASA-202105-2 AVG-1434 High cross-site request forgery