CVE-2023-49438

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-49438

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49438.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-49438

Aliases

Downstream

openSUSE-SU-2024:13563-1

openSUSE-SU-2024:14555-1

Related

Withdrawn

2024-07-31T03:45:30.458299Z

Published

2023-12-26T22:15:13Z

Modified

2024-05-14T11:54:12.589578Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.

References

Affected packages

Git / github.com/flask-middleware/flask-security

Affected ranges

Type: GIT
Repo: https://github.com/flask-middleware/flask-security
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2555df3ede334effe2b734fafdf4b578d760223a

Affected versions

1.*

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

3.*

3.0.0

3.0.1

3.0.1-rc1

3.0.1-rc2

3.0.1rc3

3.0.2

3.1.0rc1

3.2.0

3.2.0rc1

3.2.0rc2

3.2.0rc3

3.2.0rc4

3.3.0

3.3.0rc1

3.3.0rc2

3.3.0rc3

3.3.1

3.3.2

3.4.0

3.4.1

3.4.2

4.*

4.0.0

4.0.0rc1

4.0.1

4.1.0

4.1.1

4.1.2

5.*

5.0.0

5.0.1

5.0.2

5.1.0

5.1.1

5.1.2

5.2.0

5.3.0

5.3.1

5.3.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49438.json"