Results 9 issues of Rui Yang

Hey team, First off, kudos on building such an impressive project with openalgo. It's already rocking as a single-user tool, but have you ever considered taking it to the next...

Hi Flask team, We recently analyzed several Flask-based applications and noticed a recurring security concern related to url_for(..., _external=True) when used in untrusted request contexts. Specifically, since it uses request.host...

docs

## Security Advisory: Host Header Injection Leading to Password Reset Poisoning

**Description**

A business logic flaw exists in Hashview: the Flask application does not configure `SERVER_NAME`. Consequently, when using `url_for(...,...

Dear Hashview Maintainers, We have identified a security vulnerability in the password reset functionality of this project and have responsibly reported it to MITRE. A CVE ID has been reserved...

## Security Advisory: Host Header Injection Leading to Password Reset Poisoning

**Description**

JobCenter is vulnerable to Host Header injection due to the absence of a properly configured `SERVER_NAME` in the...

Dear JobCenter Maintainers, We have identified a security vulnerability in the password reset functionality of this project and have responsibly reported it to MITRE. A CVE ID has been reserved...

Hi, I have found a vulnerability related to password-reset link generation. I will not publish any exploit details until a patch is available. Please contact me at: [email protected] Thanks, Rui...

## Security Advisory: Host Header Injection Leading to Password Reset Poisoning

**Description**

fblog contains a Host Header injection vulnerability due to the lack of a configured `SERVER_NAME` in the Flask...

Dear fblog Maintainers, We have identified a security vulnerability in the password reset functionality of this project and have responsibly reported it to MITRE. A CVE ID has been reserved...