exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2021-23385

больше 3 лет назад

This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False. **Note:** Flask-Security is not maintained anymore.

CVSS3: 5.4

EPSS: Низкий

CVE-2021-23385

больше 3 лет назад

This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False. **Note:** Flask-Security is not maintained anymore.

CVSS3: 5.4

EPSS: Низкий

CVE-2021-23385

больше 3 лет назад

This affects all versions of package Flask-Security. When using the ge ...

CVSS3: 5.4

EPSS: Низкий

SUSE-SU-2022:3867-1

больше 3 лет назад

Security update for python-Flask-Security-Too

EPSS: Низкий

SUSE-SU-2022:3834-1

больше 3 лет назад

Security update for python-Flask-Security

EPSS: Низкий

GHSA-cg8c-gc2j-2wf7

больше 3 лет назад

Flask-Security vulnerable to Open Redirect

CVSS3: 6.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2021-23385 This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False. Note: Flask-Security is not maintained anymore.	CVSS3: 5.4	0% Низкий	больше 3 лет назад
CVE-2021-23385 This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False. Note: Flask-Security is not maintained anymore.	CVSS3: 5.4	0% Низкий	больше 3 лет назад
CVE-2021-23385 This affects all versions of package Flask-Security. When using the ge ...	CVSS3: 5.4	0% Низкий	больше 3 лет назад
SUSE-SU-2022:3867-1 Security update for python-Flask-Security-Too		0% Низкий	больше 3 лет назад
SUSE-SU-2022:3834-1 Security update for python-Flask-Security		0% Низкий	больше 3 лет назад
GHSA-cg8c-gc2j-2wf7 Flask-Security vulnerable to Open Redirect	CVSS3: 6.1	0% Низкий	больше 3 лет назад

Уязвимостей на страницу