5.5.2
12 years ago
4 months ago
Known vulnerabilities in the Flask-Security package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Information Exposure. An attacker could send a GET request to How to fix Information Exposure? Upgrade | [,5.5.1) |
Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory. A GET request to How to fix Insertion of Sensitive Information into Externally-Accessible File or Directory? Upgrade | [,5.5.1) |
Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Open Redirect via the the Note: With Werkzeug >=2.1.0 the How to fix Open Redirect? There is no fixed version for | [0,) |
Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Timing Attack. The time it takes to process a login request is considerably less if the user-specified doesn't exist than if the password is incorrect. This can be used as a user enumeration attack, even if the login error messages were customized to avoid this. How to fix Timing Attack? A fix was pushed into the | [0,) |
Flask-Security is a Simple security for Flask apps. Affected versions of this package are vulnerable to Open Redirect. When using the This vulnerability is only exploitable if an alternative WSGI server other than Note: How to fix Open Redirect? There is no fixed version for | [0,) |