Flask-User@0.5.4 vulnerabilities

Customizable User Authentication & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

Direct Vulnerabilities

Known vulnerabilities in the Flask-User package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Open Redirect

Flask-User is a Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

Affected versions of this package are vulnerable to Open Redirect. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path.

This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False`.

How to fix Open Redirect?

There is no fixed version for Flask-User.

[0,)