AVG-1434 - python-flask-security-too - Arch Linux
AVG-1434 log
| Package | python-flask-security-too |
| Status | Vulnerable |
| Severity | High |
| Type | cross-site request forgery |
| Affected | 3.3.3-3 |
| Fixed | Unknown |
| Current | 3.3.3-3 [community] |
| Ticket | FS#70041 |
| Created | Mon Jan 11 22:40:11 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-21241 | High | Yes | Cross-site request forgery | In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token... |