Homepage
About Snyk

flask-security-too@5.1.1 vulnerabilities

Quickly add security features to your Flask application.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the flask-security-too package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Open Redirect

Affected versions of this package are vulnerable to Open Redirect via the the /login and /register routes, using the ?next parameter.

Note:

With Werkzeug >=2.1.0 the autocorrect_location_header configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if they are using Werkzeug >=2.1.0 as the WSGI layer.

How to fix Open Redirect?

Upgrade Flask-Security-Too to version 5.3.3 or higher.

[,5.3.3)
Go back to all versions of this package