[ubuntu/jammy-security] flask-security 4.0.0-1ubuntu0.1 (Accepted)
Eduardo Barretto
eduardo.barretto at canonical.com
Tue May 28 09:07:07 UTC 2024
flask-security (4.0.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Possible open redirect vulnerability
    - debian/patches/CVE-2021-23385.patch: Updated
      flask_security/core.py, flask_security/utils.py and tests/test_misc.py
      to prevent possible URL validation bypass and user redirection to an
      arbitrary URL by providing multiple back slashes such as
      \\\evil.com/path.
    - CVE-2021-23385

Date: 2024-05-27 13:13:09.706123+00:00
Changed-By: Chrisa Oikonomou <chrisa.oikonomou at canonical.com>
Signed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/flask-security/4.0.0-1ubuntu0.1
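
The validation bypass named in the changelog, shown as an added example that is not part of the original announcement and is not the code of the Ubuntu patch or of flask-security: a check that relies only on `urlsplit()` accepts `\\\evil.com/path`, while a check that first treats backslashes as slashes rejects it. The function names, the host `app.example` and the sample targets are assumptions constructed for this illustration.

```python
from urllib.parse import urlsplit


def naive_is_safe(target: str, host: str) -> bool:
    """Weak check: trusts whatever urlsplit() reports as scheme/netloc."""
    parts = urlsplit(target)
    if (parts.scheme or parts.netloc) and parts.netloc != host:
        return False
    return True


def hardened_is_safe(target: str, host: str) -> bool:
    """Stricter check (this example's own policy, not the packaged patch)."""
    if not target or not target.strip():
        return False
    # Whitespace and control characters have no place in a redirect target.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" like "/" in http(s) URLs, so normalise before parsing.
    normalized = target.replace("\\", "/")
    # Two or more leading slashes make the next label a host name.
    if normalized.startswith("//"):
        return False
    parts = urlsplit(normalized)
    if parts.scheme or parts.netloc:
        return parts.scheme in ("http", "https") and parts.netloc == host
    # Otherwise accept only paths rooted at the application.
    return normalized.startswith("/")


# Constructed sample targets; the first is the form quoted in the changelog.
SAMPLES = [
    "\\\\\\evil.com/path",       # i.e. \\\evil.com/path
    "//evil.com/path",
    "https://evil.com/",
    "/profile?tab=1",
    "https://app.example/home",
]


def compare(host: str = "app.example"):
    """Return (target, naive verdict, hardened verdict) for each sample."""
    return [(t, naive_is_safe(t, host), hardened_is_safe(t, host)) for t in SAMPLES]


if __name__ == "__main__":
    for target, naive, hardened in compare():
        print(f"{target!r:32} naive={naive!s:5} hardened={hardened}")
```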