admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-07-05 11:00:55 +00:00
parent 75f59ab1b8
commit 5ef2fb5a3d
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
2021/23xxx/CVE-2021-23401.json
View File

@ -48,16 +48,19 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/SNYK-PYTHON-FLASKUSER-1293188"
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-PYTHON-FLASKUSER-1293188",
"name": "https://snyk.io/vuln/SNYK-PYTHON-FLASKUSER-1293188"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/lingthio/Flask-User"
"refsource": "MISC",
"url": "https://github.com/lingthio/Flask-User",
"name": "https://github.com/lingthio/Flask-User"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/lingthio/Flask-User/blob/master/flask_user/user_manager__utils.py"
"refsource": "MISC",
"url": "https://github.com/lingthio/Flask-User/blob/master/flask_user/user_manager__utils.py",
"name": "https://github.com/lingthio/Flask-User/blob/master/flask_user/user_manager__utils.py"
}
]
},
@ -65,7 +68,7 @@
"description_data": [
{
"lang": "eng",
"value": "This affects all versions of package Flask-User.\n When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\\\\evil.com/path.\r\n\r\nThis vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False.\n"
"value": "This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\\\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False."
}
]
},