flask-security-too@3.4.4 vulnerabilities
Quickly add security features to your Flask application.
- latest version: 5.5.2
- latest non vulnerable version: […]
- first published: 5 years ago
- latest version published: 2 months ago
- licenses detected: […] [0,)
Direct Vulnerabilities
Known vulnerabilities in the flask-security-too package. This does not include vulnerabilities belonging to this package's dependencies. Every one of the five version ranges listed below includes the 3.4.4 release this page describes, so all five entries apply to it.
| Vulnerability | Vulnerable Version |
|---|---|
| Open Redirect. Affected versions of this package are vulnerable to Open Redirect via the […]. Note: with Werkzeug >=2.1.0 the […]. How to fix: upgrade to version 5.3.3 or later. | [,5.3.3) |
| Authentication Bypass. Affected versions of this package are vulnerable to Authentication Bypass such that it is possible for a malicious 3rd party to access the QR code and therefore gain access to two-factor authentication codes. Note: the […]. How to fix: upgrade to version 3.4.5 or later. | [3.2.0,3.4.5) |
| Open Redirect. Affected versions of this package are vulnerable to Open Redirect when using the […]. This vulnerability is only exploitable if an alternative WSGI server other than […] is used. How to fix: upgrade to version 4.1.0 or later. | [0,4.1.0) |
| Cross-site Request Forgery (CSRF). When a user is setting up two-factor authentication using an authenticator app, a QR code is generated and made available via a GET request to /tf-qrcode. Since GETs do not have any CSRF protection, a malicious 3rd party could access the QR code and therefore gain access to two-factor authentication codes. Note that the /tf-qrcode endpoint is ONLY accessible while the user is initially setting up their device; once setup is complete, there is no vulnerability. How to fix: upgrade to version 3.4.5 or later. | [3.2.0,3.4.5) |
| Cross-site Request Forgery (CSRF). The […]. How to fix: upgrade to version 3.4.5 or later. | [3.3.0,3.4.5) |
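A quick way to answer the two questions a practitioner has about a table like this: which of the listed ranges cover the version I have installed, and what is the lowest version that clears all of them. This is an added example written for this page, not Snyk's or Flask-Security-Too's own code. The advisory titles and ranges are copied from the table above; the range grammar (square bracket inclusive, parenthesis exclusive, empty bound unbounded) is an assumption about the notation as it appears here, not a documented Snyk specification, and pre-release suffixes such as `rc1` are not handled.

```python
import re

# Snyk-style interval notation as it appears in the table above, e.g. "[,5.3.3)":
# "[" / "]" are inclusive bounds, "(" / ")" exclusive, an empty bound is unbounded.
# (Assumed grammar; it matches every range on this page.)
_RANGE_RE = re.compile(r"^([\[(])\s*([^,\s]*)\s*,\s*([^\])\s]*)\s*([\])])$")

# Constructed from the table on this page: (title, vulnerable range).
ADVISORIES = [
    ("Open Redirect (Werkzeug >=2.1.0 note)", "[,5.3.3)"),
    ("Authentication Bypass (2FA QR code)", "[3.2.0,3.4.5)"),
    ("Open Redirect (alternative WSGI server)", "[0,4.1.0)"),
    ("CSRF on /tf-qrcode", "[3.2.0,3.4.5)"),
    ("CSRF (second entry)", "[3.3.0,3.4.5)"),
]


def parse_version(v: str) -> tuple:
    """'3.4.5' -> (3, 4, 5); shorter strings are zero-padded so '3.4' == (3, 4, 0)."""
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * (3 - len(parts))


def parse_range(spec: str):
    """Return (low, low_inclusive, high, high_inclusive); None means unbounded."""
    m = _RANGE_RE.match(spec.strip())
    if not m:
        raise ValueError(f"unrecognised range: {spec!r}")
    lo_br, lo, hi, hi_br = m.groups()
    return (
        parse_version(lo) if lo else None, lo_br == "[",
        parse_version(hi) if hi else None, hi_br == "]",
    )


def in_range(version: str, spec: str) -> bool:
    """True if `version` falls inside the vulnerable range `spec`."""
    v = parse_version(version)
    lo, lo_inc, hi, hi_inc = parse_range(spec)
    if lo is not None and (v < lo or (v == lo and not lo_inc)):
        return False
    if hi is not None and (v > hi or (v == hi and not hi_inc)):
        return False
    return True


def affecting(version: str, advisories=ADVISORIES) -> list:
    """Titles of every advisory whose range covers `version`."""
    return [title for title, spec in advisories if in_range(version, spec)]


def minimum_clean_version(advisories=ADVISORIES) -> str:
    """Lowest version outside every listed range, i.e. the smallest safe upgrade target.

    For an exclusive upper bound the bound itself is the first clean version; for an
    inclusive one it is the next patch release.
    """
    floor = (0, 0, 0)
    for _, spec in advisories:
        _, _, hi, hi_inc = parse_range(spec)
        if hi is None:
            raise ValueError(f"{spec}: no upper bound, nothing to upgrade to")
        first_clean = hi[:2] + (hi[2] + 1,) if hi_inc else hi
        floor = max(floor, first_clean)
    return ".".join(map(str, floor))


if __name__ == "__main__":
    for ver in ("3.4.4", "3.4.5", "5.5.2"):
        print(f"{ver}: {affecting(ver) or 'no listed advisories'}")
    print("upgrade to at least:", minimum_clean_version())
```

Run against this page's data it reports all five entries for 3.4.4, only the first (open redirect) entry for 3.4.5, nothing for the current 5.5.2, and 5.3.3 as the lowest version that clears the whole table.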
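Two of the entries above are open redirects through a redirect target taken from the request. As an added example that is not Flask-Security-Too's own fix, here is a standard-library-only check for such a target: it accepts only a path on the application's own origin and rejects absolute URLs, scheme-relative `//host` forms, and the backslash variants (`/\host`, `\\host`) that browsers normalise to forward slashes. The Werkzeug note in the table is why this must happen before the redirect is issued: from Werkzeug 2.1.0 `autocorrect_location_header` defaults to False, so a Location header reaches the browser exactly as the application built it instead of first being joined against the request's own URL. `BASE_URL` is a hypothetical deployment origin.

```python
from urllib.parse import urljoin, urlsplit

BASE_URL = "https://app.example.com"  # hypothetical origin of the protected app


def is_safe_redirect_target(target: str, base_url: str = BASE_URL) -> bool:
    """Return True only for a same-origin, path-only redirect target.

    Rejected inputs:
      * control characters, which could split or smuggle headers
      * any backslash, since browsers treat '\\' like '/' when parsing the authority
      * anything not starting with exactly one '/', which covers absolute URLs
        (https://evil.example, javascript:...) and scheme-relative //evil.example
      * anything that still carries a scheme or host after parsing
      * anything that resolves to a different origin when joined with base_url
    """
    if not isinstance(target, str) or not target:
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    if "\\" in target:
        return False
    if not target.startswith("/") or target.startswith("//"):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    # Belt and braces: resolve the way a browser would and confirm the origin is ours.
    resolved = urlsplit(urljoin(base_url, target))
    base = urlsplit(base_url)
    return resolved.scheme == base.scheme and resolved.netloc == base.netloc


def redirect_target(next_value, fallback: str = "/") -> str:
    """Pick the post-login destination: the validated next value, else the fallback."""
    return next_value if is_safe_redirect_target(next_value) else fallback


if __name__ == "__main__":
    # Constructed sample inputs an attacker might put in a next parameter.
    for candidate in ("/dashboard?tab=1", "//evil.example/", "/\\evil.example",
                      "https://evil.example/", "javascript:alert(1)",
                      "/\r\nSet-Cookie: a=b"):
        print(f"{candidate!r:32} -> {redirect_target(candidate)!r}")
```

The deny-list checks (backslash, control characters, leading `//`) are there so that a reviewer can see each bypass class named explicitly; the final origin comparison after `urljoin` is the check that actually decides, and it would also reject any future variant that slips past the earlier tests.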