CVE-2021-21241: Cross-Site Request Forgery (CSRF)
(updated )
In Flask-Security-Too, the /login
and /change
endpoints can return the authenticated user’s authentication token in response to a GET request.
References
Detect and mitigate CVE-2021-21241 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →