Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-24880

Good to know:

icon

Date: April 25, 2022

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can workaround the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work.

Language: Python

Severity Score

Related Resources (6)

https://github.com/Tethik/flask-session-captcha/pull/27
https://github.com/Tethik/flask-session-captcha/releases/tag/v1.2.1
https://github.com/Tethik/flask-session-captcha/commit/2811ae23a38d33b620fb7a07de8837c6d65c13e4
https://github.com/Tethik/flask-session-captcha/security/advisories/GHSA-7r87-cj48-wj45
https://nvd.nist.gov/vuln/detail/CVE-2022-24880
https://www.mend.io/vulnerability-database/CVE-2022-24880

Severity Score

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Top Fix

icon

Upgrade Version

Upgrade to version flask-session-captcha - v1.2.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us