
Flask-Security-Too Project Flask-Security-Too vulnerabilities

4 known vulnerabilities affecting flask-security-too_project/flask-security-too.

Total CVEs: 4
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2021-32618 | P3 | LOW | PoC | affected: ≥ 0, < 4.1.0 | 2021-05-17
CVE-2021-32618 [LOW] CWE-601: Open Redirect in Flask-Security-Too
Impact: Flask-Security allows redirects after many successful views (e.g. /login) by honoring the ?next query parameter. There is code in FS to validate that the URL specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes Python's urlsplit library. However, many browsers are very lenient on the kind of URL they accept
Sources: GHSA, OSV
CVE-2023-49438 | P4 | MEDIUM | CVSS 6.1 | PoC | affected: ≤ 5.3.2 | 2023-12-26
CVE-2023-49438 [MEDIUM] CWE-601: An open redirect vulnerability in the Python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Sources: GHSA, NVD, OSV
CVE-2021-21241 | P3 | HIGH | CVSS 7.4 | affected: ≥ 3.3.0, < 3.4.5 | 2021-01-11
CVE-2021-21241 [HIGH] CWE-352: The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's au
Sources: GHSA, NVD, OSV
CVE-2026-46715 | MEDIUM | affected: ≥ 5.8.0, < 5.8.1 | 2026-05-22
CVE-2026-46715 [MEDIUM] CWE-287: Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance
Summary: Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAu
Sources: GHSA