PYSEC-2022-193

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/flask-session-captcha/PYSEC-2022-193.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2022-193

Aliases

Published

2022-04-25T22:15:00Z

Modified

2023-11-01T04:58:11.572598Z

Summary

[none]

Details

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he captcha.validate() function would return None if passed no value (e.g. by submitting an having an empty form). If implementing users were checking the return value to be False, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can workaround the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work.

References

Affected packages

PyPI / flask-session-captcha

Package

Name: flask-session-captcha; View open source insights on deps.dev
Purl: pkg:pypi/flask-session-captcha

Affected ranges

Type: GIT
Repo: https://github.com/Tethik/flask-session-captcha
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2811ae23a38d33b620fb7a07de8837c6d65c13e4

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.1

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.1.0

1.2.0