Affecting shiftboiler package, versions [,0.6.5)
shiftboiler is a setup of flask framework integrated with a number of libraries to quickly bootstrap app development.
Affected versions of this package are vulnerable to User Impersonation attack. If the google login did not return an id, a malicious user could takeover another user's account.
shiftboiler to version 0.6.5 or higher.
Do your applications use this vulnerable package?
- Snyk ID
- 09 Oct, 2018
- 04 Nov, 2018