Skip to main content

Flask Security Too

2 CVEs product

Monthly

CVE-2023-49438 PyPI MEDIUM POC PATCH This Month

An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Open Redirect Flask Security Too
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-21241 PyPI HIGH PATCH This Week

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Flask Security Too
NVD GitHub
CVSS 3.1
7.4
EPSS
0.9%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Open Redirect Flask Security Too
NVD GitHub
EPSS 1% CVSS 7.4
HIGH PATCH This Week

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Flask Security Too
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy