User Impersonation

Affecting shiftboiler package, versions [,0.6.5)

low severity

Overview

shiftboiler is a Flask framework setup integrated with a number of libraries to quickly bootstrap app development.

Affected versions of this package are vulnerable to a User Impersonation attack. If the Google login did not return an id, a malicious user could take over another user's account.
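The advisory does not describe shiftboiler's internals, so the following is an added illustration, not the project's code: it assumes accounts are matched on a stored provider id, and shows how a login response without an id can match an account whose id is unset, next to a lookup that rejects such responses. The user store, the `google_id` field and all function names are hypothetical.

```python
# Added illustration; data model and names are assumptions, not shiftboiler code.

class MissingProviderId(Exception):
    """Raised when the identity provider response carries no usable user id."""

# Constructed sample store: alice registered by e-mail and never linked Google,
# so her google_id is unset. bob has a linked Google account.
USERS = [
    {"email": "alice@example.com", "google_id": None},
    {"email": "bob@example.com", "google_id": "1098"},
]

def find_user_unsafe(profile, users=USERS):
    """Unsafe: a response without 'id' yields None, which equals an unset google_id."""
    provider_id = profile.get("id")
    for user in users:
        if user["google_id"] == provider_id:
            return user
    return None

def find_user_checked(profile, users=USERS):
    """Checked: refuse to look up anything unless a non-empty id was returned."""
    provider_id = profile.get("id")
    if isinstance(provider_id, bool) or not isinstance(provider_id, (str, int)):
        raise MissingProviderId("provider response has no id")
    provider_id = str(provider_id).strip()
    if not provider_id:
        raise MissingProviderId("provider response has an empty id")
    for user in users:
        # Accounts with no linked provider id are never candidates for a match.
        if user["google_id"] is not None and user["google_id"] == provider_id:
            return user
    return None

if __name__ == "__main__":
    no_id = {"email": "someone@example.com"}  # constructed response lacking 'id'
    print("unsafe lookup matched:", find_user_unsafe(no_id)["email"])
    try:
        find_user_checked(no_id)
    except MissingProviderId as exc:
        print("checked lookup rejected login:", exc)
```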

Remediation

Upgrade shiftboiler to version 0.6.5 or higher.


Credit: Unknown
CWE: CWE-520
Snyk ID: SNYK-PYTHON-SHIFTBOILER-72558
Disclosed: 09 Oct, 2018
Published: 04 Nov, 2018