Cross-site Request Forgery (CSRF) Affecting flask-security package, versions [,1.6.0)
- Snyk ID SNYK-PYTHON-FLASKSECURITY-2419152
- published 8 Mar 2022
- disclosed 8 Mar 2022
- credit Unknown
How to fix?
Upgrade Flask-Security to version 1.6.0 or higher.
Overview
Flask-Security provides simple security for Flask apps.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing validation in AJAX requests.
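To check pinned dependencies against the affected range [,1.6.0) given above, the following is an added example, not code from Snyk or the Flask-Security project. It assumes a pip-style requirements file; the sample content is constructed, and similarly named distributions such as Flask-Security-Too are not matched because this advisory names only flask-security.

```python
import re

PACKAGE = "flask-security"   # distribution named in the advisory
FIXED = (1, 6, 0)            # first fixed release per the advisory

def normalize(name):
    # PEP 503: compare names case-insensitively, treating runs of - _ . alike
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(spec):
    """Return 'affected', 'not-affected' or 'review' for a version specifier."""
    pin = re.fullmatch(r"==\s*(\d+(?:\.\d+)*)(.*)", spec)
    if not pin or "*" in spec or "!" in spec:
        return "review"                  # unpinned, range, wildcard or epoch
    release = tuple(int(p) for p in pin.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))   # pad 1.6 to 1.6.0
    if release < FIXED:
        return "affected"
    if release == FIXED and pin.group(2):
        return "review"                  # e.g. 1.6.0rc1 sorts before 1.6.0
    return "not-affected"

def scan(requirements_text):
    """Return (line number, status) for each line that requires PACKAGE."""
    findings = []
    for lineno, raw in enumerate(requirements_text.splitlines(), 1):
        # Drop comments and environment markers before parsing
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)", line)
        if m and normalize(m.group(1)) == PACKAGE:
            findings.append((lineno, classify(m.group(2).strip())))
    return findings

# Constructed sample input, not taken from any real project
SAMPLE = """\
# requirements.txt
Flask==2.0.3
Flask_Security==1.5.4
flask-security==1.6.0 ; python_version >= "3.6"
Flask-Security-Too==4.1.2
flask.security>=1.2
flask-security==1.6.0rc1
"""

if __name__ == "__main__":
    for lineno, status in scan(SAMPLE):
        print(f"line {lineno}: {status}")
```

Lines reported as `review` are not exact pins to a final release, so the installed version has to be confirmed from a lock file or the environment itself.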