Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flask vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-32618
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects aft...
Flask-security Project Flask-security
1 Github repository
9.3
CVSSv3
CVE-2022-31512
The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Flask-mvc Project Flask-mvc
9.3
CVSSv3
CVE-2022-31559
The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Flask-yeoman Project Flask-yeoman
7.4
CVSSv3
CVE-2016-1000001
flask-oidc version 0.1.2 and previous versions is vulnerable to an open redirect
Flask-oidc Project Flask-oidc
5.3
CVSSv3
CVE-2022-21659
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time...
Flask-appbuilder Project Flask-appbuilder
6.1
CVSSv3
CVE-2021-23385
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vu...
Flask-security Project Flask-security
6.1
CVSSv3
CVE-2021-23401
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only ex...
Flask-user Project Flask-user
5.4
CVSSv3
CVE-2021-23393
This affects the package Flask-Unchained prior to 0.9.0. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exp...
Flask Unchained Project Flask Unchained
8.8
CVSSv3
CVE-2021-41265
Flask-AppBuilder is a development framework built on top of Flask. Verions before 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existi...
Flask-appbuilder Project Flask-appbuilder
6.1
CVSSv3
CVE-2022-24776
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are curre...
Flask-appbuilder Project Flask-appbuilder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »