FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

These are the vulnerabilities relating to the commit you have selected:

| VuXML ID | Description |
| --- | --- |
| 06492bd5-085a-4cc0-9743-e30164bdcb1c | py-flask-security -- user redirect to arbitrary URL vulnerability |

Snyk reports:

This affects all versions of package Flask-Security.

When using the `get_post_logout_redirect` and `get_post_login_redirect` functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as `\\\evil.com/path`.

This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using `autocorrect_location_header=False`.

**Note:** Flask-Security is not maintained anymore.


Discovery: 2022-08-02
Entry: 2023-08-31

Affected packages:

- py37-flask-security
- py38-flask-security
- py39-flask-security
- py310-flask-security
- py311-flask-security

Affected versions: <= 3.0.0_1

CVE-2021-23385
https://osv.dev/vulnerability/GHSA-cg8c-gc2j-2wf7