flask-security@1.5.1 vulnerabilities

Quickly add security features to your Flask application.

Direct Vulnerabilities

Known vulnerabilities in the flask-security package. This does not include vulnerabilities belonging to this package’s dependencies.

Each entry below lists the vulnerability, its severity (M = medium) and the vulnerable version range.

Information Exposure (severity: M)
Vulnerable versions: [,5.5.1)

Flask-Security provides simple security for Flask apps.

Affected versions of this package are vulnerable to Information Exposure. An attacker could send a GET request to /login?include_auth_token that returns an authentication token without performing a CSRF check.

How to fix Information Exposure?

Upgrade Flask-Security to version 5.5.1 or higher.
Insertion of Sensitive Information into Externally-Accessible File or Directory (severity: M)
Vulnerable versions: [,5.5.1)

Flask-Security provides simple security for Flask apps.

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory. A GET request to /tf-qrcode returns the QR code without requiring a CSRF token. If other security measures, such as CORS, fail, an attacker could load this image on a third-party site visited by a logged-in user, allowing them to obtain the TOTP secret and generate valid 2FA codes in the future, since the secret does not change.

How to fix Insertion of Sensitive Information into Externally-Accessible File or Directory?

Upgrade Flask-Security to version 5.5.1 or higher.
Open Redirect (severity: M)
Vulnerable versions: [0,)

Flask-Security provides simple security for Flask apps.

Affected versions of this package are vulnerable to Open Redirect via the /login and /register routes, using the ?next parameter.

Note:

With Werkzeug >=2.1.0 the autocorrect_location_header configuration was changed to False, which means that Location headers in redirects are relative by default. Thus, this issue may affect applications that were previously not affected, if they use Werkzeug >=2.1.0 as the WSGI layer.

How to fix Open Redirect?

There is no fixed version for Flask-Security.
Timing Attack (severity: M)
Vulnerable versions: [0,)

Flask-Security provides simple security for Flask apps.

Affected versions of this package are vulnerable to Timing Attack. A login request takes considerably less time to process when the specified user does not exist than when the password is incorrect. This can be used for user enumeration, even if the login error messages were customized to avoid it.

How to fix Timing Attack?

A fix was pushed into the master branch but not yet published.
Cross-site Request Forgery (CSRF) (severity: M)
Vulnerable versions: [,1.6.0)

Flask-Security provides simple security for Flask apps.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing validation of AJAX requests.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade Flask-Security to version 1.6.0 or higher.
Open Redirect (severity: M)
Vulnerable versions: [0,)

Flask-Security provides simple security for Flask apps.

Affected versions of this package are vulnerable to Open Redirect. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes, such as \\\evil.com/path.

This vulnerability is only exploitable if a WSGI server other than Werkzeug is used, or if the default behaviour of Werkzeug is modified using autocorrect_location_header=False.

Note: Flask-Security is not maintained anymore.

How to fix Open Redirect?

There is no fixed version for Flask-Security.